Yesterday and overnight, a wave of phishing attacks hit the servers, targeting Apple MobileMe users and others who might not know the specifics of the phish. There were several, all from different “senders” but leading to the same address. READ THIS ALERT

Not only could it extract information from your computer; the site or its click-through pages could also contain malware or spyware intended specifically for Mac users. If you can avoid opening it, you will avoid signaling to the botnet that your address is live.

USER GROUPS SHOULD DISTRIBUTE this message to their members.

Note the Subject line says: “Billing problem” and appears to come from “no reply” at

Here’s what it looks like:

Apple Phishing - what the reader sees

Investigation of the phish code shows that the crucial “call to action” link leads to a web site other than Apple, as shown here:

Where the phishing takes the reader

Below is the dossier on who is actually sending the phish, where the hijacked site resides, and who is providing ISP services. Note that the DNS services record does not supply proper Whois information, but was supplied by, known to be a suspected cybercrime-friendly registrar and host.

Apple phishing site records who, what and where

This is another in a long list of very good reasons NOT to view your email in HTML mode. Viewing in “raw source” would have revealed the bogus links to the cybercrime web site.
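
The raw-source check described above, as an added example that is not part of the original alert: it parses the HTML part of a message and lists every link whose real destination is outside the domain the mail claims to come from. The sample message, its domains, and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message, not the real phish; every domain is a placeholder.
SAMPLE_RAW = """\
From: "no reply" <noreply@example.invalid>
Subject: Billing problem
Content-Type: text/html; charset="utf-8"

<p><a href="http://billing.phish.example/login">https://www.apple.com/account</a></p>
<p><a href="https://www.apple.com/support/">Apple Support</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname if value looks like a URL or bare domain, else ''."""
    v = value.strip()
    if " " in v or "." not in v:
        return ""
    return (urlsplit(v if "://" in v else "//" + v).hostname or "").lower()
def same_site(host, expected):
    # Exact match or a true subdomain; "apple.com.phish.example" does not pass.
    return host == expected or host.endswith("." + expected)

def audit_links(raw, expected="apple.com"):
    """List (shown text, real host, text_names_other_host) for off-domain links."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            parser = LinkCollector()
            parser.feed(part.get_content())
            for href, text in parser.links:
                target, shown = host_of(href), host_of(text)
                if not same_site(target, expected):
                    findings.append((text, target, bool(shown) and shown != target))
    return findings
```

Run it on the saved raw source of a suspect message; a finding whose third field is true is a link that displays one site's address while pointing at another.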

Copy the RAW SOURCE of the entire email message and
REPORT IT TO: The Anti-Phishing Working Group