itunes

A new way of tricking people into iTunes identity theft wasemail discovered recently.

It is targeting users of iTunes and looks completely official however it is really a scam. The email contains a graphic from Apple that notifies the user that their account is going to expire. iTunes users beware of this iTunes identity theft danger and do share this information if you find it helpful.

These types of scams are not new. They are called ‘phishing attempts’ and have plagued the internet almost as long as there have been web pages.

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

What is new is the hidden web address, this type of attempt is something not seen often by security experts.

url1By tricking the user to click on the link, the address looks as if it is very valid that is because the address string is so long that it actually is longer than the width of most computer screens. This causes the real web host to be hidden from the user. Below is the actual link address the real web server is drl.pl hosted in Russia.

http://apple.com.us.login-webappsaccount.verification.login-webapps.update.profile.jmg3vsxpo526ndjk0w8baqhpitz0ggersizbhwlioy
byso71eqjedis.a13c0db1f8e26366324934b92a630e40b7fef61ab7e9fe
.resolution.center.ake.drl.pl/apple/index22.php?cmd=_login-run&dispatch=588885d80a198ca054efbsedf2c29878a435fe324eec2511727fbf38

People that actually fall for the link and go to the site are asked all fullscreenkinds of questions that no real web company would ask.

You should never enter your full Social Security number on any website.

Anyone that does fill out the form is redirected to the real iTunes site for logging in. One of the troubling things about this scam is the dispatch string. This means whoever sent the email out is keeping track of who clicks on the link and goes to the site. This makes future danger for iTunes users keeping them in the snare of future attempts at stealing their money and running the risk of iTunes identity theft.

The best policy when communicating with any site requesting information is to separately log into that companies web site on your own. Never click on any link sent to you in an email. Usually if they have some information they need they will alert you after you log in.

Trip Elix is a public speaker and author and has been published in several newspapers and blogs. His website is http://tripelix.com  

Etortionware Trips first novel visit the website to find out more.