For more than a year now, scammers have been racking up unauthorised charges on iTunes accounts, leaving Apple’s customers to clean up the mess.
Tech Crunch and the San Jose Mercury News report that the scam is ongoing – often draining hundreds of dollars or more from accounts – but consumers have been complaining about the problem since at least early 2009.
The number of people being hit by the fraudsters now seems to be growing, however.
“My iTunes account just got hacked and someone made about $700 worth of purchases,” one Facebook poster wrote on Monday. “I contacted Paypal (who was awesome btw, refunded all) and they said Apple has gotten so many attacks since June, they can barely keep up with reporting them all!”
That scam victim, Layne Harris, told this reporter he has no idea how his account was compromised.
PayPal, which is often processing the unauthorised charges, confirmed on Monday that customers are being reimbursed for the fraud.
The fraud “is happening on the iTunes side,” a PayPal spokeswoman said via email. She referred further questions about the scam to Apple.
Scammers appear to be gaining access to the accounts by sending out fake phishing email messages that try to trick users into disclosing their iTunes user names and passwords. Those credentials are then used to pile on charges for music or iTunes gift codes.
Low-cost iTunes gift codes can be easily obtained on the internet. For example, a $100 iTunes gift code was for sale on the Ioffer.com auction site, with the suspicious caveat that it could only be used for 24 hours within purchase.
Apple confirmed that legitimate iTunes gift codes do not have an expiration date, and expire only after being redeemed.
Apple said on Monday that victims of the fraud must work things out with their banks and credit card companies.
“iTunes is always working to prevent fraud and enhance password security for all of our users,” Apple said in an emailed statement. “But if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about cancelling the card and/or issuing a chargeback for any unauthorised transactions. We also recommend that you change your iTunes account password immediately.”
Australian Macworld is not aware of any Australian iTunes accounts having been targeted, but users should always be on the lookout for potential phishing scams.