Earlier today I posted an article detailing the experiences of some iTunes users who had seen their Paypal or bank account balances drained by an apparent vulnerability in iTunes that allowed hackers to purchase dozens of apps or in-app purchases without the owner’s knowledge. Now Digital Daily’s John Paczkowski is stating that sources close to Apple say there is no problem with Paypal or iTunes and that these incidents are just examples of people falling victim to a simple phishing scam.
As for the rumors of a major vulnerability in the way that iTunes handles Paypal transactions, Paczkowski had this to say:
Not much to them, I’m told. Or, rather, not much to their assertion that Apple (AAPL) is at fault here. There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam–a variation on the one that’s been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions.
A phishing scam is one in which people get a fraudulent yet official-looking email from, say, Apple or Paypal asking them to log in to the site for some reason, such as maintenance or confirmation of something. Instead of being directed to the official site, though, they’re given a lookalike site, usually easily identified as fake by looking at the URL in the address bar. The lookalike site allows the user to “log in” but in reality is just harvesting usernames and passwords to use in fraud. To combat this, most major companies no longer send you emails with links directly to login pages on their sites, instead having you visit the homepage of the site and log in from there.
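The address-bar check described above can be done mechanically. This is an added example, not code from the original article: it parses a link and compares the real hostname against a list of official domains. The domain list, the function name and the sample links are assumptions constructed for illustration.

```javascript
// Added example: classify a link from an email by its parsed hostname,
// not by how the raw string looks to the eye.

// Assumption: the domains treated as official for this check.
const OFFICIAL_DOMAINS = ["apple.com", "paypal.com"];

function classifyLink(link, officialDomains = OFFICIAL_DOMAINS) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lowercases and IDNA-encodes the host
  } catch {
    return { verdict: "suspicious", reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: "login link is not https" };
  }
  // "https://www.apple.com@other.example/" puts the brand in the userinfo
  // part; the browser actually connects to what follows the "@".
  if (url.username || url.password) {
    return { verdict: "suspicious", reason: "userinfo before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Lookalike letters from other alphabets show up as xn-- labels once parsed.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "suspicious", reason: "punycode (internationalized) hostname" };
  }
  // Official only if the host IS the domain or a true subdomain of it.
  // A plain substring test would accept "apple.com.account-verify.example".
  const official = officialDomains.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return official
    ? { verdict: "official", reason: "host is " + host }
    : { verdict: "suspicious", reason: "host " + host + " is not an official domain" };
}

// Constructed sample links (not taken from any real campaign).
const SAMPLE_LINKS = [
  "https://appleid.apple.com/signin",
  "https://appleid.apple.com.account-verify.example/signin",
  "https://www.apple.com@login.example.net/",
  "https://paypa1.com/login",
  "https://\u0430pple.com/", // first letter is Cyrillic, not Latin "a"
];

function classifyAll(links = SAMPLE_LINKS) {
  return links.map((l) => ({ link: l, ...classifyLink(l) }));
}
```

Only the first sample link is classified as official; the rest are flagged even though each contains or imitates a familiar brand name.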
This seems like a case where a series of users were taken in by a fresh round of phishing scammers, who then used the information harvested to make purchases with the iTunes accounts of the suckers taken in by the scam.
Apple has made a standard public statement about the problem of phishing or any other kind of account breach:
ITunes is always working to prevent fraud and enhance password security for all of our users. But if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and/or issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately.
In this case, most of the victims should be fine as Paypal has stated that they are working to restore the funds to the defrauded accounts.
[DigitalDaily] via [Daringfireball]



