iTunes a Platform for Phish Scammers

iTunes users all over the world are being hooked in a possible phishing scam that siphons cash out of their PayPal accounts. Phishing scams, of course, consist of emails that appear to be coming from a legitimate, trusted business. These emails are often designed to trick the victim into revealing login credentials. Once the phishers have access to the account, they begin withdrawing funds.

In this case, scammers used victims’ iTunes accounts to purchase gift cards, which were paid for by the victims’ linked PayPal accounts. Some victims of this particular scam have had just a few dollars stolen, while others have had their accounts emptied.

Gift cards are a form of currency created by the issuer. Their value is in the products or services available when cashed in. A scammer can purchase a $100 gift card and sell it online for $50. Pure profit.

There are many variations of iTunes gift card scams:

1. Scammers can easily set up websites posing as legitimate retailers offering gift cards at a discount, having fraudulently obtained those gift cards. They may accept people’s credit cards and make fraudulent charges. In these cases, the victim can dispute the charge, but will need to either cancel the credit card or persistently check their statements once their card has been compromised. Like Mom said, if it sounds too good to be true, it probably is.

2. The system for generating codes that are embedded on a plastic card or offered as a download is nothing more than software created by the card issuer or a third party. At least one major retailer has had their gift code generation compromised, and who knows how many more have been or will be compromised in this way. Criminal hackers can then offer the codes at a significant discount.

3. iTunes gift card scams are so effective in part because of the limited availability of iTunes downloads in certain countries. There are numerous copyright issues, with some music companies making deals with musicians and iTunes, while others refuse to do so. Scammers have capitalized on this, using it as a marketing tactic.

The best way to avoid phishing scams is to never click on links in the body of an email. Always go to your favorites menu or manually type the familiar address into your address bar. And never provide your login credentials to anyone, for any reason.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses iTunes gift card scams on NBC Boston. (Disclosures)