Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PayPal Charges Result in Renewed Publicity Surrounding iTunes Account Phishing Attacks
- Thread starter MacRumors
- Start date
- Sort by reaction score
My experience mirrors yours. One of my iTunes accts was compromised last week...but it was an acct I have not used in 5 years. How is someone suppose to phish an acct I haven't logged into for that long? In fact, until I rec'd the PP/iTunes rec'ts I completely forgot I even had that acct.
I did learn a valuable lesson though -- I have unlinked my CC from my regular iTunes acct and will only use iTune GCs from here out.
And this is why I buy and sell everything online with a small account that only gets money when needed. I haven't had a problem yet, but *knocks on wood*
Just two little rules
It's called a password, and there are just two little rules about using passwords:
1. Make it really hard for anyone to guess, even if they know all about you.
2. Never give the password to anyone, even if they ask you politely in an email.
It's just that simple.
It's called a password, and there are just two little rules about using passwords:
1. Make it really hard for anyone to guess, even if they know all about you.
2. Never give the password to anyone, even if they ask you politely in an email.
It's just that simple.
I got like 40 dollars charged to my account that wasn't mine. Apple is worthless, no refund ever policy is moronic. I'm just not going to buy anything on itunes ever again. Thanks for nothing Apple. There is a problem and they just look the other way as far as I know.
Interesting. So let's assume that it wasn't phishing related, so how did they get you iTunes account details?
First. How did they get your iTunes account name? Secondly. Did your iTunes account have a strong password? And thirdly. Do you write app reviews? I ask this to figure out a possible answer to my first question; is your iTunes store account name the same as your Apple ID?
There has got to be something that went wrong, or they wouldn't get into your iTunes account. Used the same account [nick] name for other forums and social media maybe? Use Apple forums much?
I don't like to point fingers, but without knowing what exactly happened, this might go on forever.
And my experience somewhat mirrors the post you are linking to. Account not linked to that wretched company called PayPal. I wrote about it on a couple of the threads that dealt with this subject a few weeks ago, but everyone just stuck their head in the sand and assumed Apple is in no way to blame. In a round about way, I was called a moron and that I must have been a Windows user since this happened to me. I'm a computer engineer with a minor in computer science - i.e. I know what a phishing scam looks like.
Worst part about it wasn't that it actually happened, but the manner in which Apple handled it. It took weeks to get my account in order, and I basically had to beg to get the Gift Card money put back on the account. I would write to the customer service rep, and he would respond 4-5 days later stating that he only worked 3 days of the week and that I'd just have to wait for any kind of response if he wasn't on duty - no handoff, nobody else involved at all. It really was pathetic, and I felt like I was dealing with a company wholly owned outside of Apple since all of my other customer service dealings with them have been top notch. I've gotten over it, but I don't go out of my way to buy anything from iTunes anymore, and I certainly don't have any financial info stored with them.
Everyone can pretend that Apple is infallible, but they are just doing themselves a disservice by taking everything that is given to them.
They changed the email address within itunes. I only noticed the charge on my statement, not in my email as a receipt. Thanks anyway.
Can't speak for the poster you directed this to but personally:
1) iTunes acct names are emails addresses. How does a spammer I have never done business for get my email address? They either guess, suck it out of a PC via an email worm, gleen it frIom a search engine, or buy it from an unscrupulous vendor you have done biz with. Bottom line it's hard to find email addresses.
2) The iTunes acct didn't have a strong pw in the strict sense of the word, but it wasn't anything someone could easily guess either. It probably was easy enough though for sophisticated algorithm to figure out.
3) I do not write app reviews. I don't even use the email used for web commerce except for that iTunes acct.
4) My iTunes acct was not even the same domain as my Apple ID.
As I said in my earlier post, I forgot I even had this acct until I got the email rec'ts last week. Seems like it's more than a phish but Apple isn't going to admit their security is lax.
My PayPal account was recently hacked, but it didn't involve iTunes. Someone bought a game on Steam and somehow charged it to my PayPal account, even though I don't have my account associated with Steam. In addition, three people had payments deposited into my PayPal account that had nothing to do with me. It was a nightmare getting it all sorted out, and PayPal still ended up charging me a fee of $1.32, for what I don't know.
Time to use an unregistered domain name for your [separate] Apple ID? Making it virtually impossible for anyone to obtain your iTunes store account name / password, by using a brute force attack, simply because it doesn't even exist on any mail server.
The drawback is that you cannot use it for anything else, but this way it won't be obtained from any forum / search result.
That and using ridiculous long / strong passwords should make you pretty secure.
And when someones iTunes account get hacked after following these steps, on a Mac... then Apple surely has a real security problem.
Just because I have more Macs than you and bought more in a single year is no reason to be jealous and nasty bout this issue.
Technically I should have de-authorized them all at once.
I made the mistake of doing it over time as I brought newer Macs online, not realizing there was a limit.
It's still a dumb rule by Apple no matter how you look at it even though it's my fault for not realizing I technically violated the rules.
This is basically a simple reason WHY people hate DRM in general.
It restricts the use of something you actually PURCHASED to a legitimate customer and pisses them off royally.
And consumers have shown time and time again that they don't like that.
We're going to go through another round of this with video/movies/TV now.
I trust PayPal as far as I can throw them. Their accounts are constantly hacked. Don't ever, ever, ever give your real bank account information to PayPal. Ever.
I signed up for an itunes account a long time ago, by the time I needed one for my first ipod I had forgotten about the original account and signed up for a new one. Couple years goes by and notice some itunes charges to paypal. I thought it was odd since my itunes account wasn't linked to my paypal. Called apple and they credited me and said it was an old account that hadn't been used until recently and they deactivated it.
There's no way that it was "phished" because I myself didn't even know the logins anymore. Not sure how they got it, but it was odd.
There's no way that it was "phished" because I myself didn't even know the logins anymore. Not sure how they got it, but it was odd.
There was a time once when the United States of America grew wealthy and powerful and the Americans built their country into the richest nation the Earth had ever seen by taking risks and selling things to the rest of the world in exchange for money.
That America and those Americans are gone. Now, it's "US bids only". And complaining that Europeans who want to give Americans their cold hard cash should keep their wallets closed. America doesn't want it any more, give your money to someone else.
There will be a time soon when the Peoples Republic of China grows wealthy and powerful and the Chinese will build their country into the richest nation the Earth has ever seen by taking risks and selling things to the rest of the world in exchange for money...
PayPal make me much disappointed. Several days ago, on of my customer require refund , saying he is no need of my products any more. Of course , with our license code, he's already ripped his DVD. Aha, good, he did not want it any more, so I have to refund. Very good.
And whose responsibility? PayPal said, its you, you should refund.
God, take me away
And whose responsibility? PayPal said, its you, you should refund.
God, take me away
Right. It's an e-commerce business – like we don't know that – which should have security checks in place for dubious payments. I mean 47 times $99 should at least have triggered an alarm – it's after all not the first time that this happened.
And this eyebrow raising event will most certainly have some sort of an impact; Some people will stop using PayPal because of it. At least we here won't use PayPal anymore.
Why should it have triggered an alarm? People buy things in separate transactions all the time to use coupon codes repeatedly. Take a look at spoofee.com, fatwallet.com, or any of the other sites. If Paypal locked someone's account for a few repeated purchases, Paypal would take a bigger hit than when they don't.
Because of what I wrote? It isn't the first time, and PayPal said to work on it and get security checks in place?
Why do you even assume that other people are unaware of this?
Well 47 [* $99] is hardly "a few repeated purchases". And mothership Ebay agreed. The PayPal system is about to change.
No, that is not the scary part of this.
Try calling itunes to get them to freeze your account. Oh, wait, itunes doesn't have a customer service phone line. They only respond to email (or chat, theoretically).
I had my (inactive) itunes account hacked last year. Hadn't used the account for 6 months. The hacker changed my email address, then my password, then charged $500 to my account. No informational emails were provided to me informing me of the above events. Fortunately, I happened to look at my CC accunt about 3 days after this happened. Took my CC company 30 seconds to freeze my card. Took itunes 24 hours to freeze my account.
It didn't appear to me that itunes was pursue the fraud. They said it was up to my CC company to recover the lost funds. Sounds like the same song and dance I received from paypal the first time I was burned by a seller on ebay failing to even ship a purchase.
I will Never Trust PayPal
If you have been watching PayPal from the security forum over at Broadband reports you will know that over the years PayPal has had numerous security breaches. I will not purchased anything from a online business that only uses PayPal for payment. I have a pay-pal account that I have used once and will not use again.
If you have been watching PayPal from the security forum over at Broadband reports you will know that over the years PayPal has had numerous security breaches. I will not purchased anything from a online business that only uses PayPal for payment. I have a pay-pal account that I have used once and will not use again.