E-mails purportedly coming from iTunes and bearing “iTunes account may be suspended” in the subject line have been hitting inboxes in the last few days, according to “Help Net Security” (http://www.net-security.org/malware_news.php?id=1576).
The message reads: “Dear iTunes Customer, it is possible that your account password has been stolen. 4 different IP addresses have been used to login to your account within the last 24 hours. Please visit the bellow link and read what to do and how to contact support department.”
If you click the link in the message, you’re taken to fake Apple support page. Although it doesn’t ask for any confidential info, “the site silently serves a malicious script that tries to exploit vulnerabilities in older versions of Java and Windows Help to gain access to the system and download and install malware,” says “Help Net Security.” Users that patch their OS and software regularly are safe from this attack, the article adds.