Apple iTunes Customers Targeted By Phishers

Anyone paying any attention at all should be able to detect the difference between "" and "," security experts report.

(click image for larger view)

A screen shot of the fake Apple Store.

Having delivered consistently strong financial results over the past year, displaced Wal-Mart as the leading U.S. music retailer, stormed into the mobile phone market, and outperformed the rest of the computer industry, Apple has never looked more polished.

But Apple's success has a downside: There are now enough Apple customers to attract cybercriminals.

Phishers have begun using Apple's brand as bait. Communications security company Proofpoint has detected a phishing message that attempts to exploit Apple's name. A screen shot provided by Proofpoint shows a fake version of the Apple Store that has been set up to steal personal information.

"The bad guys have moved on from trying to take advantage of eBay or Citibank," said Andrew Lochart, VP of product marketing at Proofpoint. "I guess this means that Apple is now a top-tier Internet retailer. The bad guys are trying to use Apple's brand to commit identity theft."

Lochart acknowledged that the URL used in this phishing attack "is not the best attempt I've ever seen to obfuscate a malicious URL." Indeed, anyone paying any attention at all will detect the difference between "" and ""

If this phishing expedition fails to generate any response, those responsible may turn their attention back to more traditionally phished brands.

But don't count on it. Several years ago, Apple's small share of the PC market was seen as the major reason that malware writers didn't try to craft Apple-specific exploits. With Mac OS X now appearing on iPhones and Apple computers, and the proliferation of Apple's iTunes, QuickTime, and Safari software on both Mac OS X and Windows devices, scammers now have large pool of potential victims to target with Apple-oriented attacks.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing