PayPal Users Find Unauthorized iTunes Charges – Phishing Suspected

Some iTunes users are finding that scammers are stealing their money through PayPal. Numerous people have been claiming as much on Twitter and Facebook.

Erick Schonfeld at TechCrunch reports, "At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, ‘My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.’ His email was filled with nearly 50 receipts from PayPal for $99.99 each."

Some are going so far as to remove their PayPal accounts from iTunes altogether.

Just removed my PayPal account from iTunes http://lnkd.in/VDfBKyTue Aug 24 12:36:31 via LinkedInwebfitter
webfitter

According to John Paczkowski at All Things Digital, it is gullible users who are to blame. "There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam–a variation on the one that’s been around for years now," he writes. "Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions."

He also has an official statement from Apple on the matter, which says, "ITunes is always working to prevent fraud and enhance password security for all of our users. But if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and/or issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately."

According to Paczkowski, PayPal has said that it will reimburse people for unauthorized charges.

There are 4 Comments. Add Yours.

Joseph A'Deo
August 25, 2010 at 3:13 pm

It’s definitely important to note that phishing attacks don’t suggest a compromising of Apple security – there’s no problem with iTunes, and these issues are on the user’s end. At VeriSign, though, we can’t help but feel like the users would be less susceptible to phishing attacks if Apple used extended validation ssl on all its pages, rather than just the store — users would notice any phishing attempts immediately due to the lack of the green url bar. This incident perfectly illustrates the growing need for encryption of some kind even when private data isn’t necessarily being exchanged – if users aren’t used to the encryption, they’re more easily fooled.
JustMe
August 29, 2010 at 1:48 am

this is not coming from clicking through email accounts I NEVER click through emails that would lead to any account I have and they got into my account also. I am one of the lucky ones that played it safe and had email notifications set up and also no bank info linked to my account so only thing they got was all the gift card money I had saved. I havent even logged into itunes on my iMac in over 3 months and no song downloading for over 3 months. I have used my itouch about 2 days ago to download an app. I really wonder if they are using the apps to do this. I suggest everyone change their password and security question since from what I hear if they have your security question answer they can get back in. I also changed my account to have no payment options. I will pay for all my future purchases with gift cards or a prepaid card.
Apple is dropping the ball on this if they are saying its a phishing scam through email since I KNOW that is not what got me. And many other users are not happy that Apple is trying to shift the blame to the end user. If it wasnt for their end users they wouldnt be where they are today.
I know very well how to play it safe online in the 10 yrs or more I have been using the net this is the first time I have ever had an account hacked. My safe measures saved me a load of money on this one in fact. I played it safe and didnt link a bank account. They did get me for all the itunes gift card money I had saved but I only add a certain amount of that at a time just to be safe. So as you see I go quite the extra mile to play things safe online.
BULL, I AGREE
September 10, 2010 at 7:11 am

I just woke up to two unauthorized Paypal transactions from iTunes and when I logged onto my account, I found one more waiting to process. I have been working in the computer industry for over 20 years and have been online for at least 15 years. I’m always spotting phishing attempts, etc. and know I haven’t clicked anything suspicious recently. You’d think other sites or credit cards of mine would get compromised too, but that is not the case. The only new thing to the mix is that I started using an iPad a little over a week ago. I was also at a technical conference, VMworld where I’m sure there are many, many smart hackers attending. I think iTunes has been compromised and they just don’t want to admit it.
Amanda
September 13, 2010 at 1:05 pm

I hadn’t used itunes in awhile but had over $50 in gift card balance stolen from me this Sept. 11 & 12th. I got 2 seperate emails thanking me for purchases of apps. I do have an iphone 4 and I never click on links. I want my money back and APPLE has not been responsive. Surely they can disable the apps or at least find out who’s computer the apps went to! I don’t want the crooks to be able to enjoy these apps. I also want my money back.