Actually, one of the things that I wanna point out here to all, since we are talking about hacked iTunes accounts, is the usage of jailbroken/unlocked iPhones/iTouches. The j/l broken phones/touches, if not secured by changing the default passwords (alpine), are the easiest targets to exploit by OpenSSH, to access your iTunes password.

I suspect many of these hacked accounts available for sale are/may be obtained via this process.

Good point.
 
I add a CC when I make a purchase on iTunes, and then right after my purchase(s) have downloaded, I immediately REMOVE the Credit Card info. Then I back up the purchase(s) that I have. Right now my iTunes account says "No Credit Card On File". I'll keep it this way until I want to buy something. Then I'll change it. Yes it's a PITA, but I don't want to take a chance.
 
Do you still need to have a C Card to make an iTunes account? If not I'd say just use gift cards..

not sure but when i go to itunes acct. they are asking me to finish setting up my itunes account and put in a credit card / paypal >_>;z. i press cancel haha
 
With popularity comes this kind of crap it seems. As they are people caught up in phishing trickery, the same flaws can exist in every 1 click payment system online (PayPal, eBay, Amazon, Google Checkout.... the list goes on). This isn't a problem unique to Apple.
 
The card linked to my iTunes account has expired so I'm betting I'm pretty safe from most any attack on my iTunes and I don't really use the same password for any two things I want people to stay out of. People just need to be smart about their passwords.
 
Those are not really developers.

Talking about it as your account being "compromised BY developer" is misleading.

It's probably more like "developer pays for promotion by some shady company who has used phishing scams, Windows spyware and the like to trick people into revealing all kinds of passwords, including iTunes passwords."

I don't think the apps in question are supposed to provide some service or information to the customer. It is hard to evaluate them without buying, but from the screenshots I would say, they are mostly lots of crap.

It is not even possible to contact the developer, because the links are broken and the website's contact address is wrong/nonexistent.

I think the main purpose of those apps is *not* to make lots of money. They are too obviously useless.

They have fake reviews, yes. But their purpose is something else ... someone should dissect the code of such an app.
 
That is hard for me to believe. I think it is just someone too dumb to realize they won't actually get any of the money. Jailbroken devices or hacked PC/Mac seem like the most likely cause, as Apple should be able to detect the behavior of brute force break-ins. If they aren't trying to keep accounts safe, then they deserve the credit card company wrath that will befall them in the form of higher merchant fees.
 
ya, stupid really. also could open up the possibility of competitors doing this to other developers to try to take them out.

arn

This is a pain for honest developers; if users feel the system is not secure, it will hurt sales too (and we know that the system IS secure but that's what most users will think reading this kind of article, "phishing, what ?").

And your hypothesis is simply dreadful!
 
Yeah I was hacked also--Apple's response: change your password.

Now what am I going to do with all of these Roy Orbison's CDs?
 
How long until someone with good intentions[tm] Joe Jobs all the lame apps out of the store for the good of the planet?

On a more important note, why is Apple holding your CC information for more than, say, 24 hours? And why is Apple often defaulting to the "You are responsible for all use of..." excuse, referring people to their CC provider? If Apple does anything but refund at least its proportion of the takings when it has reasonable evidence of fraud, then Apple is knowingly financially benefitting from the fraud.
 
According to one forum report, stolen iTunes account information is readily available for sale through certain Chinese web sites.
This is why I don't think it's a pure iTunes phishing attack. iTunes is a fairly tough target to phish because users don't interact with it through a web browser - they use the iTunes application.

If the account information is for sale, that's the calling card of a botnet. It's rare for botnet owners to actually use any credentials they steal, as they instead sell them to other parties who are better capable of using (and profiting from) the stolen credentials. Botnet owners already do this with credit card numbers, bank account logins, and MMORPG accounts (WoW, EVE Online, Lineage, etc).

As such I surmise that this is one or more botnet owners harvesting iTunes accounts from their zombies as part of their usual diversification. It's one more thing you can steal from a zombie and sell for a profit.
 
I just checked my email inbox, and while I have no iTunes receipts that are out of the ordinary, I do have a very dodgy looking email claiming to be from Apple.

The sender is the very obviously dodgy, "News_Europe@InsideApple.Apple.com", and was sent on 5th July 2010.

It's titled, "Important Account Upgrade Required" and says,

"Dear Customer,
The Apple Team is hereby announcing the New Security Upgrade. We've upgraded our new SSL servers to serve our customers for a better and secure Online service, against any fraudulent activities.

Due to this recent upgrade, you are requested to update your account information by clicking thelink below ..."

The address is www.apple.com/store/account ... which I haven't clicked. I've never seen Apple send an email asking me to agree to new terms outwith iTunes itself, so this is obviously a phishing attempt.
 
I guess this kind of stuff happens when you happily announce in every financial press conference that you have over 100 million verified credit card information....
 
I just checked my email inbox, and while I have no iTunes receipts that are out of the ordinary, I do have a very dodgy looking email claiming to be from Apple.

The sender is the very obviously dodgy, "News_Europe@InsideApple.Apple.com", and was sent on 5th July 2010.

It's titled, "Important Account Upgrade Required" and says,

"Dear Customer,
The Apple Team is hereby announcing the New Security Upgrade. We've upgraded our new SSL servers to serve our customers for a better and secure Online service, against any fraudulent activities.

Due to this recent upgrade, you are requested to update your account information by clicking thelink below ..."

The address is www.apple.com/store/account ... which I haven't clicked. I've never seen Apple send an email asking me to agree to new terms outwith iTunes itself, so this is obviously a phishing attempt.
Definitely. I find Apple always just has you agree to new terms and conditions from within the iTunes app itself.
 
Exactly.

Even the wording of their "message" is poorly written.

Given the date of this email (the 5th), it ties in with the hacking of accounts. Some people have obviously clicked the link, signed in to what they think is an Apple site or iTunes and given away their log in information.
 
I thought Apple wasn't a target for hackers. BWAHAHAHAHAH! Welcome to the real world, handwringers.

Are you normally this dumb, or is this some kind of special day for you?

When people have talked about "Apple" not being a target of hackers, they talked about security of the software and security-holes. This case is TOTALLY different.

We are talking about online-service that uses username/password-combo (like all of them do). If some evildoer manages to find out your username and password, there's nothing much Apple could do and they are in no shape or form responsible for the problem. Users are responsible for the security and safety of their login-information.

Now, if this data was obtained through hacking Apple's systems, then you might have a point. But that is not the case here, we are talking about phishing. And that relies on end-user stupidity.

Now, one thing Apple could do is to limit iTunes-purchases according to geography. So if you make your purchases from New Jersey, and suddenly it seems that you start making purchases from Shanghai, Apple could block those purchases until some kind of verification is received.
 
The other thing Apple could do is to either send you a confirm email, or have you re-enter your credit card information whenever you register a new device for your iTunes account.

Since the phishers have to register a device/copy of iTunes before making a purchase on your account, this could effectively prevent them from proceeding with the attack.

Many people travel internationally and want to use iTunes on the road - so limiting geographically isn't ideal.
 
It's a lie. Apple said only 400 people were affected. Everything Apple say is gospel.

*insert sarcasm as you please
 
Exactly.

Even the wording of their "message" is poorly written.

Given the date of this email (the 5th), it ties in with the hacking of accounts. Some people have obviously clicked the link, signed in to what they think is an Apple site or iTunes and given away their log in information.

The link that you showed does go to Apple's website. Go to the email again, highlight the link, and press copy link instead of just copy. Then paste it back on the forums as a reply to this. If it's different than the URL that you sent earlier, it's a phishing site. If it's not, it's not.
 