Users of iTunes are the targets of a new phishing scam, according to e-mail security vendor Proofpoint. Computerworld reports that users began receiving spam messages yesterday informing them that they must correct a problem with their iTunes account. The enclosed link leads to a site posing as an iTunes billing update page where users are asked for information including their credit card number, security code, Social Security number, and mother’s maiden name. “We’ve gotten used to seeing the usual companies and brands attacked,” said Andrew Lochart, an executive with Proofpoint, “like PayPal, eBay and Citibank. But we’ve never seen Apple as the target.” Lochart said the campaign is likely a result of Apple’s growth, adding, “It’s probably indicative that the bad guys see Apple’s online presence as large enough to be a target. It’s part and parcel of the success that Apple has enjoyed lately.”
Lochart also said the identity thieves possibly aimed the attack at iTunes users due to the service’s youth-skewing demographics. “I wonder if the bad guys are thinking that [iTunes users] are younger than those for some of the other phished sites, like banks and eBay,” he said. “The way that teenagers and young adults use the Internet, they show a certain level of trust or openness when they post their name and age and school on MySpace.” Despite the threat, the scammers have “actually done a pretty poor job,” said Lochart, as the URL is clearly not part of an official Apple domain.