Comments on: Phishing Scam: Apple Store

By: hotels maroc

hotels maroc — Mon, 29 Jun 2009 00:30:59 +0000

Great blog! Thanks.

By: Briana

Briana — Sat, 13 Jun 2009 15:56:00 +0000

Enjoy surfing the internet for hours at a time.
If you’re anything like me then you enjoy surfing the internet for hours at a time. There is so much information available I just seem to get wrapped up in it all. Of course, this means picking up bugs that can literally ruin my computer and cause it to run too slow. To take care of my PC I’ve been searching for a good scan to keep it bug free. I tried many different ones but I like Orbasoft Antispyware the best. With the antispyware solution from Orbasoft (http://www.orbasoft.com) I get one of the best scans I’ve ever used at a great low price. This is exactly what I’ve been searching for.

By: rwahrens

rwahrens — Sun, 06 Jul 2008 21:00:17 +0000

Good tip, Paul!

Thanks!

By: Tom W Browning

Tom W Browning — Sun, 06 Jul 2008 14:47:43 +0000

@rwahrens Every little helps. Shrug.

By: Paul

Paul — Sun, 06 Jul 2008 05:00:48 +0000

If you hold the cursor over the link in Mail, a pop-up box will appear with the correct address. Anything that is odd about the web address will be readily apparent. In the billing phish you get: appartement-maroc.net/apple.store/us. Most people should quickly recognise that the address is fake and you are being phished.

By: rwahrens

rwahrens — Sun, 06 Jul 2008 02:06:07 +0000

“…the industry as a whole is struggling to find an effective solution.”

I believe that this is really my point. To make the statement that Apple itself needs to step up to the plate is to be a bit shortsighted.

With a user base of over twenty-five million users, many of whom are obviously well enough off to afford the more expensive high end Apple units, to say that Apple has not till now been an economic target is also shortsighted. Since the vulnerabilities in Windows are well known, and it is also well known that millions of them are never updated, THAT is why Apple is not targeted, combined with the fact that to work out ways to target them as bots is harder than to just use what works and won’t take additional work.

Phishing works, and does not target a particular platform, all it takes is someone unaware of the dangers. that is why it is used, and won’t go away until folks get the message.

“…clearly your dissemination of this key piece of data isn’t working either.” It isn’t MY dissemination, any more than you claim the other solution. Obviously, the INDUSTRY hasn’t figured this out either, but they damn well should.

By: Appleníaco » Pishers usam site parecido com a Apple Store para roubar informações

Sun, 06 Jul 2008 01:20:33 +0000

[...] Fonte: The Apple Blog [...]

By: Anonymous Coward

Anonymous Coward — Sat, 05 Jul 2008 21:47:53 +0000

Wikipedia (http://en.wikipedia.org/wiki/Extended_Validation_Certificate) has some basic information on the EV process as well as commentary on its usefulness. Yes, it’s not perfect but it seems that the industry as a whole is struggling to find an effective solution. The InformationCard model that I pointed out earlier has a number of benefits that show how to move beyond existing, weak, username/password solutions and some implementations take care to note “you have not visited this site before”. There’s even an implementation for OS X. Right now, it seems to be all about “raising the bar”.

As for “your solution just isn’t working”, I’m not sure why this is “my” solution. You advocated the need for users to be aware that e-mail that leads directly to a site that requests personal information is bad, clearly your dissemination of this key piece of data isn’t working either ;-)

BTW, I wonder if you assume that I’m trolling. That’s not the case. I use a selection of different hardware and software from multiple vendors with Mac’s being my families primary machines. The point here is that Apple is going to be the next target, as a result of its success it is now economically worthwhile for phishers to hit Apple users and phishing against the Apple store itself is a great example of that.

By: Phishing Warning Concerning Apple | Mac Tricks And Tips

Phishing Warning Concerning Apple | Mac Tricks And Tips — Sat, 05 Jul 2008 20:32:33 +0000

[...] to trick users into given there personal banking information away. For course its a scam. I thank The Apple Blog and Malware Blog for bringing this to my [...]

By: rwahrens

rwahrens — Sat, 05 Jul 2008 20:10:16 +0000

No, those certificates are next to useless, they can be faked, and have been shown to have been. Then, where are you?

I agree that OS manufacturers should step up, but then, perhaps, they should step up with something that WILL work and not something that just shows a false promise!

In the meantime, perhaps the education half of your solution just isn’t working as well as it should?