Is Itunes Safe From Phishing Attacks?

By Author: eccuni
Total Articles: 211
Comment this article

Many of us has known or heard iTunes before; it is a media player application for the computer that allows us to play and also organize digital music as well as video files on our desktops. It can manage the contents of our iPod, iPod Touch, iPhone and the newest iPad too. iTunes can also connect to the internet with its iTune Store, and once could choose to purchase or download digital music, music videos, TV shows, audiobooks, podcasts, iPod Games, and even movies.
When it comes to choosing to purchase or download stuff on the internet with iTunes, of course money is involved in the process. One has to fill up necessary information and credit card credentials if he or she wants to purchase via the internet. Indeed, it is an easy way to shop for the music files you may want but that doesn't mean that iTunes is safe from online threats from cybercriminals. To make it simple iTunes is definitely one big gold mine for cybercriminals and one threat iTunes customers would possibly face is phishing.
Online phishing for important credentials is a big headache for online security experts, and many of companies and their ...
... clients suffer huge losses from these so called phishing expeditions. Massive phishing campaigns happen all the time and many companies are being targeted such as the business LinkedIn, which suffered losses from phishing expeditions just recently.
According to the report of PandaLabs, Apple's popular music platform, the iTunes is probably one of the major targets by cybercriminals and hackers who are looking for malicious ways to steal informations from the credit cards of iTunes' clients. Also, according to the Email of Henry Stern, Cisco's security researcher to SecurityWeek; the phishing attacks happening to iTunes are probably conducted by the same individual controlling the botnet that is responsible for the phishing attacks that happened to LinkedIn.
The only difference in the recent attacks is that the victims of iTunes are receiving Emails informing them that they have made a very expensive purchase from iTunes. The Emails look real to some because it contains a subject line that has 12 digits of randomized fake order confirmation numbers that are said as the purchase number of a certain iTunes product. Of course, the user will be concerned about this mail because he or she is aware that there were no purchases that were made to begin with. Now in order to resolve the problem, the Email comes with a fake link that needs to be clicked if the person wants to clarify or correct the said purchase.
Once the user has clicked on the link, he or she will be asked to accept the downloadable but fake and pretentious PDF reader. Once the installation process is completed, the user will be redirected to webpage that is infected with a Zeus Trojan – a Trojan that is designed to steal the personal data of the user. However, it can be avoided in the future if a penetration testing is done by a person who has undergone a penetration testing training.
Zeus or known in many names such as Zbot, PRG, NTOS and WSNPOEM is basically the most prevalent malware in terms of online banking frauds. It has been used and licensed by different criminal organizations. All this program has to do is to wait for the user to log-in into the targeted banks, steal the log-in information and other data required before sending it to the remote server that is hosted by the cybercriminal. Newer variants of Zeus can even target mobile gadgets and can even overcome the security features of these hand-held devices.
According to the FBI who is working together with international law enforcement agencies, they have busted a lot of cybercriminals who are targeting SMEs, churches, municipalities and individuals, who are infecting their desktops with ZeuS malware. FBI also reported that this group made an attempt of stealing more than $220 million and has successfully grabbed $70 million from different bank accounts of their victims. That is why it advisable that these people should be into pen test to avoid that situation again.
Cisco's Henry Stern was able to give some helpful insights regarding the volume of Emails being sent by cybercriminals, phishing for personal information that they want. He even has shown the changes and gaps that pertain to the spam mails being sent by the botmaster to the different users of iTunes. Thanks to him, many iTunes user had become more aware of the situation at hand before succumbing to the vile plots of these cybercriminals.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.
More information about EC-Council is available at www.eccouncil.org.