Phishing scam targets MobileMe users

Apple’s MobileMe, plagued by problems since the beginning, is now the focal point of a phishing scam designed to trick users into providing credit card information. MobileMe, which was created to allow users to synchronize email, calendars, and contacts between various computers, smartphones and other devices, works on Windows computers as well as Macs, iPhones, and iPod Touch hand-helds. The system’s very useful features suffered a lot of problems and criticisms from the beginning, and Steve Jobs himself admitted in an email that it wasn’t up to Apple standards. A recent update however, may address the problems with several noteworthy improvements.

The scam, reported on Apple Insider, sends out a spam email that has been tailored to appear as though it comes from Apple. Like most scams of this nature, it attempts to trick users into going to a fake web site that has been made to look like the Apple site, where they are asked to enter their financial information. The sender address has been spoofed to appear legitimate, although a close look at the fake email’s raw header will show that it originated elsewhere. The URL also attempts to appear to be an Apple MobileMe URL, but is an obvious fake.

The big giveaway is that Apple, like most companies that communicate account information with its clients, specifically cites the customer’s name, and then asks them to go directly to MobileMe instead of providing a link. The bogus email is genericaly addressed, which is always suspicious right off the bat. Also, the fake site has no SSL security (https), another giveaway. Entering private information in a MobileMe session would always be done in an SSL session.