There have been a number of stories in the news lately that highlight the growing problem of people gaining unauthorised access to iTunes accounts and siphoning off money from people’s bank accounts in clever ways. These highlight the evolution of crime in an increasingly service-orientated world and people’s individual responsibility to keep their accounts safe.

Consider this scenario: either a genuine-looking website or an application installed on a smartphone asks you for your email address and password in order to access some specific content, like some music you’re looking for online or an app that you want to install. You happily give your details to this site and you may or may not get what you were requesting. A couple of weeks later, you get your bank statement saying that you have spent £1000 in iTunes. You had no idea that this had taken place. You contact your bank, who say that they can’t do anything about it because the purchases were authorised: they were all for gift cards.

What has happened here is that someone has tricked you into giving them your account credentials. They’ve logged in as you, bought a whole load of very re-saleable items (especially at less than face value) using your bank details (which they don’t even need to know) and got off scot-free.

This is already happening. And it is resulting in arrests. However, the victims are finding it very hard to claim the money back, as the banks are taking no responsibility for it.

Things you can do:

  • Be very wary of giving your username and password to anyone unless you are very sure that the site requesting them is genuine.
  • Use a different password for each website.
  • If possible, disable the ability to purchase high-value items to limit the impact of a successful hijacking.
  • Change your passwords regularly.