Jacqui Cheng from Ars Technica has a great article today about the latest email scam designed to trick people into giving up their personal information (including social security number and mother's maiden name). This time, the email is supposedly from the iTunes store and links to a poorly crafted site. You should check out Robert Vamosi's article on CNET about this as well.
Okay, so this is really nothing new; we talk about phishing scams all the time. However, like Jacqui writes in her article, this is interesting because Apple users are getting targeted. iTunes is cross-platform, lots of people use it, and lots of people are used to getting some kind of information from the iTunes store--news, receipts, that kind of thing.
So, I admit--I am on the Internet a lot. I have lots of different accounts, and it just seems that any site that provides any kind of interaction or service requires an email address to get the site's full functionality. I mean, Twitter is cool and all but not all that interesting unless you log in and start building your little community, right? And even if you click on the little check boxes asking not to be emailed about anything when you create an account, do you really think they are not going to email you? And how about sites that email you saying, "Oh, we work with <so and so site that you may or may not be visiting> and you seem pretty cool, you should check out our new site that does <something that sounds vaguely Web 2.0-y, some kind of social networking, community site, whatever>!" Who do you trust, you know? I literally got an email this morning from brightkite.com saying that I had been invited, I should join them, etc, etc, and I looked into it and I joined. But I admit, I really didn't know what it was all about (I used my junk email address to join) and when I checked my Twitter homepage, I realized that a lot of people on Twitter (they seem to be related) had received an invite, joined and then were wondering what brightkite actually did! (It's a kind of location-based community site.) It seems to be legit, but this could have easily been an online scam, you know? It's really easy to be taken in by some kind of "hey, join our beta for this cool new online site, we need your help and you'll be one of the first to be onboard" type of email--we all wanna be in on the ground floor, right?
So that's just a long way of saying that these scams are getting much more targeted. The iTunes scammers know that there are lots and lots of people using iTunes and a lot of these users are probably younger and not as savvy as they should be. Hey, it only takes a few people to submit their personal data to make it worthwhile, right? While it's easy to brush off emails from PayPal and eBay, it gets kind of more challenging when the scammers are pretending to be sites you actually go on regularly and regard as "cool".
You gotta be careful. You gotta resist the urge to click those links in the email and just type in the "real" URL and see if the offer they are offering is real. Sure, it's nice to have phishing protection--we obviously recommend it, whether or not you use our products--but just make sure the data is up to date. But still, you have to be skeptical and if you get an email asking you for some kind of interaction or to log onto a specific URL to read a message (I get this from Citibank a lot)--just log into the main site and check your messages that way.
Thanks for reading!
-mike