Yesterday and overnight, a wave of phishing attacks hit the servers, targeting Apple Mobile Me users and others who might not know the specifics of the phish. There were several, all from different “senders” but leading to the same address. READ THIS ALERT.
DO NOT CLICK ON ANY LINK IN THIS PHISHING ATTEMPT.
Not only could it extract information from your computer; the site or its click-through pages could also contain malware or spyware intended specifically for Mac users. If you can avoid opening it, you will avoid confirming to the botnet that your address is live.
USER GROUPS SHOULD DISTRIBUTE this message to their members.
Note the Subject line says: “Billing problem” and appears to come from “no reply” at Apple.com.
Here’s what it looks like:
Inspecting the phish's source code reveals that the crucial “call to action” link leads to a web site other than Apple's, as shown here:
Below is the dossier on who is actually sending the phish, where the hijacked site resides, and who is providing ISP services. Note that the DNS services record does not supply proper Whois information, but was supplied by Joker.com, known to be a suspected cybercrime-friendly registrar and host.
This is another in a long list of very good reasons NOT to view your email in HTML mode. Viewing in “raw source” would have revealed the bogus links to the cybercrime web site.