New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

PayPal Charges Result in Renewed Publicity Surrounding iTunes Account Phishing Attacks

A report in the San Jose Mercury News yesterday and a follow-up post by TechCrunch this morning are again bringing publicity to users who have experienced unauthorized charges via their iTunes Store accounts. According to the reports, the majority of complaints are coming from PayPal users who have linked their payment accounts to their iTunes Store accounts.

At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, "My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised." His email was filled with nearly 50 receipts from PayPall for $99.99 each. He was able to catch it before his bank disbursed funds to PayPal.

According to All Things Digital, this latest round of unauthorized charges again appears to be stemming from nothing more than successful phishing attempts and there has been no security breach within the iTunes Store or PayPal.

There's no security hole in iTunes and if you've been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes acount it's likely because you've fallen victim to a phishing scam - a variation on the one that's been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn't aware of any sudden increase in fraudulent transactions.

Reports of "App Store hacked" surfaced earlier last month when one developer was able to use a relatively small number of iTunes Store accounts apparently compromised by such means to game the App Store rankings. With over 100 million accounts linked to credit card numbers, the iTunes Store is a popular target for phishing attempts, and Apple has repeatedly reminded customers to maintain proper security over their account information and to contact their credit card companies should unauthorized charges appear on their accounts.