Users experience unauthorized PayPal charges via iTunes phishing scam

Mon, Aug 23, 2010


TechCrunch reports:

Reports are appearing this morning about a major security hole in iTunes accounts linked to PayPal. At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.” His email was filled with nearly 50 receipts from PayPal for $99.99 each. (Update: they were for “CastleCraft, Dragon Crystals (10000 Pack), Seller: Freeverse, Inc”). He was able to catch it before his bank disbursed funds to PayPal.

But others were not so lucky. A quick search of Twitter and Facebook shows that the problem is not isolated.

Update: Now All Things D notes that the unauthorized charges stem from an old-fashioned phishing attack.

There’s no security hole in iTunes and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account it’s likely because you’ve fallen victim to a phishing scam – a variation on the one that’s been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions.

More on the story over here at TC.



3 Comments For This Post

  1. totally screwed Says:

    I was hacked on Monday night at midnight and I really can’t afford not to have my money not refunded.

  2. froggypond Says:

    I was also hacked and I have given out no info. I haven’t even used iTunes store in over a year. Fortunately they were charging to my account while I was online debating the activity and I was able to tell iTunes that they were doing it as we speak.

  3. redstarrus Says:

    The phishing line may be true but for me it’s BS. I was hacked and I only use iTunes through my iPhone. After I purchase something and it asks for my pw then that’s the only time I enter it. I have never entered it into any websites whatsoever asking for it. I was charged 170 with a 150 NSF charge from the bank. I got the charges removed but it’s the fact that my info was not given away by me and the only possible source would have been from Apple’s systems.
