It's still months away from launching, but Apple's iCloud service is already giving phishing scammers something new and tasty to chew on.
Researchers at the security company Sophos spotted an email claiming to be from Apple which tells unsuspecting MobileMe users that if they sign up for the new cloud-based storage service, iCloud, Apple will move all their current mail, contacts, calendars and bookmarks to the new service, set to launch this fall.
The scam email has an @iCLOUD.com address, and a subject line that reads, innocently enough, "Welcome to iCloud." The body of the email contains a link that reads, "Click here to update iCLOUD," and is signed "The Apple store Team."
[Cracks in the Cloud: Security Issues Loom Over Online Backup Services]
"Please sign up for iCloud and click the submit botton," the email reads. (Notice the typo? That should raise a serious red flag; would a legitimate email from Apple have misspelled words?)
Those who proceed anyway are redirected to another Web page that looks similar to Apple's legitimate site and asked to enter their name, credit card number, address, phone number, Social Security number, email address, Apple ID credentials and mother's maiden name — essentially every single bit of personal information that would give even the most novice of online criminals unimpeded access to your money and identity.
"Imagine the harm a fraudster could cause with all that information," Sophos's Graham Cluley wrote.
To avoid this scenario, remember that no legitimate organization will ask for your Social Security number, credit card number or other personally identifiable information in a email. If you have questions, contact the organization in question before filling out any forms.
In other Apple-related news, 19-year-old Nicholas Allegra, the hacker known as Comex who wrote JailbreakMe 2 and Jailbreak 3 (two hacks that allowed millions of people to jailbreak iPhones and iPads), will begin an internship at Apple next week, according to his @comex Twitter feed.
