It looked innocent enough. Heck, it even arrived on my iPhone.
"It" was an e-mail purporting to be from Apple, Inc.'s MobileMe service, the online
e-mail/file storage/photo sharing/web hosting wonder formerly known as .Mac. And,
I'll admit, I've come to place more than a little trust in Apple.
The e-mail, which had the "official" MobileMe logo, and seemed to come from Apple,
said there was an issue with charging my credit card for the monthly charges. Would
I please go to a location and update the information?
Again, I should have been skeptical — MobileMe service is billed annually; I should
have remembered that. And, my account isn't up for renewal until December.
But, still — I'm a trusting kind of guy when my hard-hat journalistic guise is
removed. So I didn't click the button, but went to the MobileMe site, logged in and
changed the info.
So far, so good...until I got the message that things weren't working at the moment.
I'm not sure what I did next, other than to find myself entering several different
kinds of credit card information and hoping one would work. Now, I was starting to
get nervous.
My anxiety increased after calling one of the card companies and finding that, no,
there weren't any problems with the account. I mentioned the nervous part, right?
Well, it's been the better part of the week, and now my daily routine includes
several checks of the bank and credit card accounts to make sure nothing "funny" is
happening. So far, so good.
An inquiry to Apple revealed that, no, the link in the official-looking e-mail was
not an authorized Apple address. I shouldn't go there, literally. And while I'm
fairly sure I didn't, I can't swear to it. Hence the frequent account checks.
I should note at this point that Apple — as much as any online firm that's been
caught up in a "phishing" scheme, as the frauds are commonly known — is essentially
a victim. Some criminal or criminal gang somewhere is abusing the trust people have
and trying to steal information. It's dastardly, yes, and it's exceptionally uncool.
But it also hurts the legitimate firm whose name is used. Also, Windows users can be
hit just as easily as Mac users; criminals don't discriminate.
I also made another mistake, and I should have known better about this one, too. At
one point, I was logging on to secure Web sites using a "Beta" version of the
next-generation Firefox browser. The Beta didn't have the security features that the
current, standard Firefox has. The regular Firefox quickly identified the site as
specious, flashing a warning to stay away. Guess what I'm going to use from now on.
Also, I didn't read the e-mail in Apple's Mail.app e-mail client. That
program allows you to "mouse over" a link or "button" in a graphical e-mail and make
sure you're going to land where you expect to end up. This is another way to avoid
the clutches of the bad operators.
Again, so far, so good. I've also signed up at www.lifelock.com for the LifeLock
identity-theft protection system. Using you Social Security number and other
information — all of which is transmitted securely and stored on their servers —
the firm monitors your credit reports for suspicious activity. The service isn't
free — expect to pay $10 per month — but the peace of mind may well be worth it.
I'll keep you posted on my experience with the service.
The bottom line here is to be vigilant, constantly, when it comes to e-mail asking
you to log in and update your account. Check the origin of the item, check the Web
links, and use Firefox, which is available for Windows and Linux users as well as
Mac-heads.
I'm hoping I dodged a bullet here, but I also realize the need to keep my guard up.
