Looks like social engineers are all set to say “Merry Christmas”. According to the latest reports, Apple’s MobileMe has been the latest victim of their phishing attacks.
The trick they (scammers, social engineers, whatever you want to call them) have chosen is one of the oldest in the book. They send an email designed to trick you into revealing your login credentials, and hope you will fall for it. Though the trick seems somewhat hilarious, it works better than you can imagine.
The worst part of the trick is that no amount of security (firewalls, antivirus software, etc.) can save you, as the success or failure of the scam depends on you. Perhaps it is better to say that you are the weakest link in the security chain; if you fall, the whole security system proves worthless.
The recent phishing scam consists of sending MobileMe customers an email telling them that their iDisks have been infected with a virus and that their account has to be upgraded to secure servers, which need their login details.
Here is an email example that you could possibly receive if you are a customer of MobileMe. Do not (we repeat, DO NOT) reply to these emails.
“Dear MobileMe Subscriber,
A DGTFX Virus has been detected in your MobileMe folders. Your email account has to be upgraded to our new Secured DGTFX anti-virus 2011 version to prevent damages to our web mail log and to your important files. Click your reply tab, Fill the columns below and send back to us or your email account will be terminated to avoid spread of the virus.
Note that your password will be encrypted with 1024-bit RSA keys for your password safety.
All MobileMe User Should Reply Now !!!
Failure to do this will immediately render your Web-email address deactivated from our database.
Thank you for your co-operation.
Warning Code :ID67565434
© Copyright 2011 Apple Inc. All rights reserved.”
As we have stated above, you don’t have to reply to these emails. The best thing is to simply ignore them and move on with your business. Be strong and don’t fall for these scammers, as you are the only one who can protect yourself in these cases.
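The tells in the sample message above (a request to send account details back by reply, a threat of termination, manufactured urgency, a virus scare) can also be checked mechanically, for example in a mail filter that supplements the reader's own judgment. The following Python is an added example, not part of the original post; the pattern list, the function names and the benign comparison message are assumptions made for illustration.

```python
import re

# Indicator patterns drawn from the tells in the sample message (illustrative list).
INDICATORS = {
    "asks_for_reply": re.compile(
        r"click your reply|send back to us|fill the columns|reply now", re.I),
    "mentions_credentials": re.compile(
        r"password|login details|user ?name", re.I),
    "threatens_account": re.compile(
        r"\b(terminated|deactivated|suspended)\b", re.I),
    "pressures_with_urgency": re.compile(
        r"\bimmediately\b|failure to do (this|so)|now\s*!", re.I),
    "virus_scare": re.compile(
        r"virus\b.{0,40}\bdetected|infected with", re.I | re.S),
}

def find_indicators(body: str) -> list[str]:
    """Return the names of all indicators present in the message body."""
    return [name for name, rx in INDICATORS.items() if rx.search(body)]

def classify(body: str) -> str:
    """Flag mail that asks the reader to send credentials back by reply."""
    hits = set(find_indicators(body))
    # Core pattern of this scam: credentials requested through a reply,
    # backed by a threat or by time pressure.
    pressure = hits & {"threatens_account", "pressures_with_urgency"}
    if {"asks_for_reply", "mentions_credentials"} <= hits and pressure:
        return "likely-phishing"
    return "suspicious" if len(hits) >= 2 else "no-match"

# Body text of the sample message quoted in this post.
SAMPLE = (
    "A DGTFX Virus has been detected in your MobileMe folders. Your email "
    "account has to be upgraded to our new Secured DGTFX anti-virus 2011 "
    "version to prevent damages to our web mail log and to your important "
    "files. Click your reply tab, Fill the columns below and send back to us "
    "or your email account will be terminated to avoid spread of the virus.\n"
    "Note that your password will be encrypted with 1024-bit RSA keys for "
    "your password safety.\n"
    "All MobileMe User Should Reply Now !!!\n"
    "Failure to do this will immediately render your Web-email address "
    "deactivated from our database.\n"
)

# Constructed benign notice for comparison (not from the original post).
BENIGN = ("Your password was changed on 12 December. If this was not you, "
          "sign in and review your account settings.")

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, classify(text), find_indicators(text))
```

A single matching keyword is not enough to raise a flag: the benign notice mentions a password but never asks for it to be sent back, so it does not match.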
On a side note, if you are stumped by the term social engineering that we are using above, it is simply the art of deceiving someone into revealing sensitive information that he/she might not reveal otherwise. For more info, check out this Wikipedia article.