Filed under: Odds and ends, Security, MobileMe
Beware of MobileMe phishing scam
Several TUAW readers have contacted us about a MobileMe phishing scam. These readers are getting an email that looks surprisingly official (see below). When they click on the Log In button, they're going to a page that has already been shut down. That might not always be the case.
Never, never, NEVER click on a link or button in an email asking for personal or financial information -- that's a sure way to become a victim of a phishing scam. If you receive a note like this, log into your MobileMe account and update your billing info directly, if it really needs to be updated. Do NOT click on the button.
A couple quick ways to see where a link or button in an email is going to take you are to hover your mouse over a link to see the real URL, or to right-click a button and select properties from the menu to see what URL is embedded in the button. Be careful out there, folks -- there are a lot of unscrupulous people who would love to take all of your money.
A tip of the hat to Noah for supplying the screenshot!
Never, never, NEVER click on a link or button in an email asking for personal or financial information -- that's a sure way to become a victim of a phishing scam. If you receive a note like this, log into your MobileMe account and update your billing info directly, if it really needs to be updated. Do NOT click on the button.
A couple quick ways to see where a link or button in an email is going to take you are to hover your mouse over a link to see the real URL, or to right-click a button and select properties from the menu to see what URL is embedded in the button. Be careful out there, folks -- there are a lot of unscrupulous people who would love to take all of your money.
A tip of the hat to Noah for supplying the screenshot!
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Miguelitosd said 5:37PM on 5-18-2009
Duh! I can't believe people still fall for these. This is part of the reason I still stick to using a cli MUA like mutt. I can still easily see the rendered HTML for the mail I want to, but seeing the text first usually makes it blatantly obvious when the URLs are trying to trick you. Not to mention I avoid most of the "stationary" and other crap people tend to try to load into emails anymore when using HTML.. which tend to add zip to the actual content of the message.
Reply
dbanegas said 5:45PM on 5-18-2009
Hi,
You recommend that people hover over the button or URL or to "right" click on the URL/Button to see the properties to know you are being sent. This is also a NO-NO because if the button or URL is inbedded in an iframe, there is a HTTP command called "onmouseover" that can be used to execute commands to download malicious code "keylogger" onto your PC.
The best recommendation is to simply delete the email.
-dB
Reply
Anon said 6:45PM on 5-18-2009
No, that would be a JavaScript function. They can't "download a keylogger" to your Mac either. If that were the case, people would be doing this whenever the page loads.
Don't talk from your ass.
ecobore said 7:56PM on 5-18-2009
It is worth remembering that there are methods to make it look as though you are visiting a bonafide site even in the code that is shown when your mouse hovers over a link. As per the main advice, the answer is ALWAYS to ignore the mail and log in independently to check your status.
Reply
macxprt said 7:51PM on 5-18-2009
Notice the email address that this is coming from. The domain is m-e.com. I know these can be easily spoofed so tracking it would probably not be successful, but it sure would be a tip off that the email is fake.
Reply
Łukasz Kliś said 2:15AM on 5-21-2009
Human stupidity. ;) If people read e-mails carefully they would have noticed that there is a spelling mistake in the e-mail's title. ;)
Rule #1: NEVER click in any links in e-mail in which its author want you to repost your credit card's details.
Reply
Jeffois said 11:26AM on 8-09-2009
I just got this phishing attempt. I have the FTC address for abuse. Does Apple have an address to report the scam?
Reply