Posted date:  August 30, 2011  | 

This is SPAM.

Here’s how the MobileMe/iCloud phishing attempt works:

Users receive an email pretending to be from Apple with a link to click to upgrade your MobileMe account to iCloud. This seems perfectly reasonable because all if us MobileMe users will be getting a real email to convert MobileMe in the next month or so.

When you click on the link, you are taken to a reasonable facsimile of Apple’s web site and asked to enter your personal info and credit card info. Again, this seems plausible because iTunes does occasionally ask for you to validate your credit card info. If you enter your info, however, it goes straight to the scammer, not to Apple.

I’ve written often about phishing but it never hurts to review what it is and how to protect yourself any time you are entering personal or credit card info:


Look for a secure browser connection before you enter any personal info into a web page. There are two ways you can check for a secure connection. First is by looking at the beginning of the web address in the address bar. It says “https://” (an extra “s” for “secure”). Secondly, there is a padlock icon on the page. In Safari, the padlock icon is on the top right of the window. Its location varies in other browsers.

As an extra layer of security, many websites use something called “certificates” to verify that the site is real. If a website uses a certificate, you will see its name, usually in green. In Safari, it is located on the right of the address bar. The location varies in other locations.

Mail and most other email apps will let you hover over a link in the email message and a popup will appear showing the exact web address of the the link. In the case of the MobileMe/iCloud scam, the address pops us as “http://flowerpotss.biz/apple-store.”

Most of the time a legit email from a company you do business with will contain some info about you that the company would know but a scammer would not. For example, an order confirmation from Amazon shows my full name, email address and home address.
You receive an email requesting action on an account that you do not have. For example, for a long time I was receiving phishing emails for US Bank. I don’t have any accounts with US Bank so that was a pretty easy catch.

Hover over a link in email to see the true destination:

If you keep in mind the above things to watch out for, you will soon be able to identify a phishing email by the “smell test”. If you aren’t sure, ignore the email and go directly to the purported sender’s website in your browser.

Now This fake PAGE suspended.


We Recommend:

Related Posts:

, ,

Recent Posts:

Author on G+:


© 2010-2014 GDeluxe.com. All trademarks and copyrights remain the property of their respective owners. GDeluxe.com is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc. GD: sitemap