As you may have heard, either online or through other forms of media, there have been many iTunes users who were reporting fraudulent purchases being made with their PayPal accounts.
However, according to various technical blogs and websites, there are not any security holes or problems in either iTunes or PayPal, but rather, people have fallen victim to a “phishing” scam.
“Phishing” is a way of scamming users out of personal information, such as passwords and credit card numbers. An example of a "phishing” scam is when a user receives an e-mail, asking them to verify their personal information for a service, such as PayPal, by clicking on a link to an external website.
When the user arrives at the website, it may look very similar to the real website, however, the website is actually a rogue website, which scammers use to steal a user’s personal information.
There are some ways, however, that users can protect themselves against “phishing” scams, some of which are quite simple.
Double Check the Address Bar
If a user receives an e-mail from a bank or other company, asking them to verify their personal information, they should be aware that the e-mail could be a part of a phishing scam because even though an e-mail may look as though it’s legitimate, it may not be.
A simple check of the e-mail and web address may be able to stop somebody from becoming the victim of a phishing scam. However, some e-mail may look as though they are coming from and linking to a legitimate company, but may actually lead to a phishing website, so if you’re going to click on any links, you should double check what is in your browser’s address bar.
In addition to making sure the web address of the company is correct, you should also look for “https” in front of the web address, rather than “http” if you’re being asked to provide personal information, such as a password or credit card number, as “https” means that any information you provide is being sent over a secure, SSL connection.
Do not Respond to E-mails
If you have received an e-mail from a company, asking for you to respond with your personal information, be aware that this may be a way of scamming you out of your personal information.
Most companies probably won’t ask for your personal information via e-mail, so if you happen to receive an e-mail asking for personal information, it may be an attempt at a phishing scam.
Should you receive an e-mail asking for a reply with personal information, I would suggest that you manually type in the company’s web address and then either call or e-mail their customer support department, letting them know what happened.
Keep Your Password Secure
Another way that you can prevent yourself from falling victim to a phishing attempt would be to keep your passwords and other personal information secure.
You should not provide your password to anyone via phone or e-mail, unless you are positive that you are speaking to someone from a company or organization. Don’t be afraid to deny someone your password if they asked for it, as many companies will probably not ask for your password in an e-mail or over the phone.
It may also help to change your passwords every now and then, that way, if you were to accidentally fall victim to a phishing attempt, nobody would be able to access your account.
In order create a secure password, you should use both uppercase and lowercase letters, as well as numbers and even symbols, as all of these things would make a password harder to guess or figure out. Also, the longer a password is, the harder it is to figure out, so longer passwords are definitely better.
If you would like more information about the iTunes PayPal Scam, perhaps you should check out this article from TechCrunch, as well as this article from MacWorld.
If you have any tips on how to prevent phishing scams or if you have any questions, comments, or suggestions, or would like to make a correction to this post, please feel free to leave a comment below or use the Contact page to send me an e-mail!