A couple of months ago, the news of hacked iTunes accounts made the webs. The situation turned some unsuspecting iPhone users into victims, as their accounts made unauthorized app purchases from a specific developer. The incident was well-publicized at the time, the culprit was uncovered, and it seemed the matter of iTunes hacking had fallen off most people’s radars — until recently.

This week more iTunes fraud was revealed, as several customers with PayPal-linked accounts were hit with charges ranging from $300 to $4700 and beyond for applications, songs and vids. One user launched an inquiry to PayPal, and was informed that this was just one of many recent incidents.

The big question here is, how did this happen again? Is Apple or PayPal somehow at fault? Well, not necessarily. Some experts believe this wasn’t because of a vulnerability in iTunes or PayPal themselves, but rather it was due to user action, with the potential cause being phishing scams. Oftentimes, phishing involves a fake email or website (that looks like it’s branded by a reputable company) to con victims into giving account info or login details.

To its credit, PayPal has said that it will reimburse anyone whose PayPal-linked iTunes account was compromised. On Apple’s part, the company has implemented some new security measures, but also urges affected users to safeguard themselves.

…if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and/or issuing a chargeback for any unauthorized transactions… We also recommend that you change your iTunes account password immediately.

Even if you haven’t been affected, you may want to reexamine your iTunes details, particularly if you have a bank account linked directly there (like, say, with a debit card).

While this situation hit PayPal users specifically, at least the company is reimbursing its customers. And in general, credit card companies also guard against fraudulent transactions. Bank policies, however, can differ.

Finally, be extra vigilant about suspicious emails or links, or any official-seeming communications that ask you for logins or passwords. A reputable company would never ask you for that.

(You can sometimes spot phishing scams by the URL of the site they link to. Sometimes it’s obvious that you’ve been directed to a different website address, or a bunch of numbers may come up like an IP address. But it’s best not to even go there. Whenever I get emails from “PayPal,” my bank, “iTunes” or another company, I never click the included links. If there’s an urgent notice or message for me, I access it by launching my browser separately and going to the official site manually.)
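The URL check described above, written out as an added example (it is not part of the original post): it flags links whose host is a raw IP address, whose host only looks like the official domain, or that hide the real host behind an "@". The allow-list of official domains and the sample URLs in the comments are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list: the domains you actually expect these emails to link to.
OFFICIAL_DOMAINS = {"paypal.com", "apple.com"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return a list of warnings for a link found in an email (empty = no red flags)."""
    warnings = []
    parts = urlsplit(url)
    # hostname is what the browser will really connect to, lower-cased.
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append("not https")

    # "https://www.paypal.com@203.0.113.10/" connects to 203.0.113.10;
    # everything before the "@" is just a username.
    if parts.username is not None:
        warnings.append("userinfo before @ hides the real host")

    # "A bunch of numbers": the host is an IP address, not a name.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
        return warnings
    except ValueError:
        pass  # not an IP literal, keep checking the name

    # The host must be the official domain or a subdomain of it.
    # "paypal.com.account-verify.example" fails: it only starts with the name.
    if not any(host == d or host.endswith("." + d) for d in official):
        warnings.append("host is not an official domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample links (documentation IP range and reserved TLD).
    for link in (
        "https://www.paypal.com/signin",
        "http://203.0.113.10/paypal/login",
        "https://www.paypal.com@203.0.113.10/login",
        "https://paypal.com.account-verify.example/signin",
    ):
        print(link, "->", check_link(link) or "no red flags")
```

An empty result only means the link passed these checks; going to the official site manually remains the safer habit.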

Consider this a public service announcement. If we iOS users are so legion that we’re too irresistible to pass up as targets, then Apple’s security efforts may need even more beefing up. (Hey Cupertino! Want to redirect some security resources from the jailbreaking department over to iTunes transactions?? Just a thought…)

Have you fallen victim to iTunes fraud? Share your story below.
