2
   

ITunes account fraud and hijack

 
 
dadpad
 
Reply Tue 4 May, 2010 07:42 am
My daughters itunes account has been hacked, hijacked and fraudulent transactions made to the value of $400 AUD .
It appears the country associated with the account has been changed to China.
ITunes have been less than helpful and are no longer responding to emails.
the matter has been reported to police and her bank has refunded the amount

The following Itunes customer service officers have been involved
ITunes representetive Antoine (Charlotte, NC)
Jernise iTunes Store Senior Advisor
It appears these ITunes representetives are among the small percentile of idiot Americans.

Below are snippets from the email exchange
From: iTunes Store ([email protected])
Sent: Friday, 2 April 2010 3:05:59 AM

Antoine said:
"Please note that you will be asked to provide a valid billing address in the new country as well as a payment method, such as a credit card or debit card, that was issued in the new country. Without these, you will not be able to change your account's country."

Cold Erin said:
WHY, in the above case, was someone able to change the itunes account country to China, but retain and use my (Australian) payment details?
Your records must show a number of ITunes charges made on the "new" ID in quick sucession - ALL in USD from Luxemborg, with the account country being China.

From: iTunes Store ([email protected])
Sent: Saturday, 10 April 2010 1:39:04 AM

Unfortunately Erin, I cannot answer your question about how your account was changed to another country without your billing information. As per Apple's policy, iTunes Store does not provide any account information--including account activity and personal information--without a subpoena. We do this for your protection.

If you need further assistance regarding this issue, please contact your legal advisor, who may contact Apple's litigation department http://www.apple.com/legal/contacts.html on your behalf.

Cold Erin said:
You have in fact provided me with personal information from the account in my previous emails.
EG:
"I have disabled the account, ("false email address,)"......It appears the country associated with the account has been changed to China

Perhaps you could answer the question in a hypothetical sense, rather than a personal sense, ie,

"Antoine, why, if your policy states 'before you change the country in your account, please note that you will be asked to provide a valid billing address in the new country as well as a payment method, such as a credit card or debit card, that was issued in the new country. Without these, you will not be able to change your account's country,' why would someone be able to change the country in ANY Tunes account and continue using their payment information?"

From: iTunes Store ([email protected])
Sent: Wednesday, 14 April 2010 1:04:03 AM
Finding a solution for you is important to me, so I have requested assistance with the issue you reported. You will receive an email after the matter has been investigated and further information is available.

Cold Erin said:
I'm sorry you've neglected to tell me from whom you have requested "assistance" and when they will respond.
I don't accept that... "You will receive an email after the matter has been investigated and further information is available"... gives an appropriate time-frame for the resolution of this problem. I require contact from you, or the "investigators" as to when you will resolve my problem.

I have a formal request from Victorian Police Senior Constable (NAME provided) that an Apple representative contact her in relation this this matter.
South Melbourne Police Station, Victoria, Australia
(country code + Phone number provided) is her telephone contact.
I trust you will ensure this email and formal request is relayed to the appropriate department, presumably the people who are now responsible for the "investigation" as per below.
This is a legal and binding request.

From: iTunes Store ([email protected])
Sent: Thursday, 22 April 2010 6:16:01 AM

Greetings ! My name is Jernise. I hope this email greets you in good spirits. Your request has been escalated to me for further review and I will help resolve this issue to your satisfaction. I understand your account has been hijacked and the information has been changed I'm glad to inform you that you can successfully change the information back to what it originally was following the steps below:

A.Select View My Account from the Store menu.
B.Click the Change Country button.

C.Select the country of residence

D.Click the Continue button.

E.Follow the steps outlined on each page

I hope you find this information helpful. Have a wonderful day!

Sincerely,

Jernise
iTunes Store Senior Advisor



Hi Jernise,

Thanks for taking care of my request. I'm having quite a long day today, although I did have an unexpected aromatherapy training session during the morning, which was interesting. How's your day going? (Insert dripping sarcasm emoticon here DP)

It's great you provided those basic steps in your email; thank you. I'm not an idiot. I know how to change to country of residence in my iTunes account.
The problem, had you read the emails Antoine and I have exchanged, is that my Apple ID has been 'hijacked' and it apparently no longer exists.
I cannot log in, I cannot view my account.

I have explicitly explained this on the following dates:

1. Friday 02 April
2. Tuesday 06 April (with attached screenshots for clarity)
3. Thursday 08 April
4. Saturday 10 April (with, again, attached screenshots for extra clarity)

This is the FIFTH time I have outlined why I cannot access my Apple iTunes account. As you're a Senior Adviser (and presumably better qualified and paid...), I do expect a higher level of intuituve understanding from yourself than I expected from Antoine. If you find that you're unable to comprehend what I want, I request that you escalate this to someone who can.

Just so we're clear, I have tonight tried to access my iTunes account with
a) my email/Apple ID (correct email provided) and password
and
b) the email my account was linked to when it was hijacked (false email provided) and password I used for my account.

Fix this.


Date: Fri, 23 Apr 2010 08:18:36 +1000
Forward of email above as no response

Date: Wed, 28 Apr 2010 09:12:22 +1000
Forward of email above as no response.

Date: Fri, 30 Apr 2010 22:04:24 +1000

Cold Erin said:
Hello Jernise,

Please give me an update on how you're fixing my problem.

I've noticed that it has now been more than a week since you offered to help resolve this issue to my satisfaction. Do you have targets to meet in customer service?

Cold Erin said:
Sent: Monday, 3 May 2010 8:58:13 PM
To: [email protected]
Hello Support,

I don't think the email address I've been given (below) is working - it has been 10 days since I last received a response to my emails.
I am still unable to access my account.

Thank you,











 
Robert Gentel
 
  4  
Reply Tue 4 May, 2010 09:01 am
Maybe I'm not following that mess of text very well but it seemed like an inordinately rude consumer giving customer service a hard time when they are neither responsible or at fault.

Things like demanding what they will do to "fix" your problem (that is not their doing and that they are trying to help you with despite your attitude) is why I'm not in customer service.

Things like demanding to know who they escalated your ticket to and when they will reply is just childish nonsense that these poor folks have to deal with.

And then tying this to your ongoing beef with Americans by labeling them "idiot Americans" (what the hell does their nationality have to do with it?) just takes the cake. You are being a whiny, nightmare customer here while they try to help you out with a problem that is not of their doing.

It's amazing that customer service people are so patient with folks like you. If this is the kind of exchange you post yourself (obviously thinking it makes them look bad) I can only imagine the kind of exchanges you have with customer service reps that you might be ashamed to post.
0 Replies
 
dadpad
 
  0  
Reply Wed 5 May, 2010 02:05 am
Quote:
Maybe I'm not following that mess of text very well

I didnt want to post the full exchange with their cheery "Hope your having a good day" salutations which clearly was not the case when $400.00 had been stolen from here Itunes account and the number of times it was very apparent that previouse emails had not been read.

Quote:
when they are neither responsible or at fault.

Of course they are responsible?
Itunes allowed someone to hack and defraud my daughters account. Allowed that same person to change the country without a valid credit card in that country and then advised that it would not be possible to do so.
Itunes demand credit card details from customers and then allow someone to hack the account.
How are they not responsible?

Quote:
Things like demanding to know who they escalated your ticket to and when they will reply is just childish nonsense.


You are very wrong here robert. Good customer service demands that whoever is fixing the problem takes responsibility for fixing things and sets a time frame for doing so.
You've said before you are not great with customer relations. Maybe time to do some research

Quote:
And then tying this to your ongoing beef with Americans.

What ongoing beef was that?
There are a small percentage of idiot americans, idiot australians and idiots in any other country you care to name.

Quote:
You are being a whiny, nightmare customer here.

I am posting here to alert other internet users that Itunes can be hacked and their personal details can be changed, credit card information stolen and that Itunes will do very little to assist, such as contacting police when asked to, such as providing access to the account such as not answering emails.

Got a pecuniary interest Robert?

You are being a whiny, nightmare customer here.
I am posting here to alert other internet users that Itunes can be hacked and their personal details can be changed, credit card information stolen and that Itunes will do very little to assist, such as contacting police when asked to, such as providing access to the account such as not answering emails.

Got a pecuniary interest Robert?
Robert Gentel
 
  3  
Reply Wed 5 May, 2010 11:17 am
@dadpad,
dadpad wrote:
Of course they are responsible?
Itunes allowed someone to hack and defraud my daughters account.


Again, they are not responsible for this. Your credit card issuer is. They are a merchant. The account wasn't hacked because of some hole in their system, it was likely hacked because of a weak password or weak security on her end (keystroke logger, network sniffing).

In this situation, the bank is responsible for the fraud, and has made the refund as you noted. iTunes is another defrauded victim of this attack.

Quote:
Allowed that same person to change the country without a valid credit card in that country and then advised that it would not be possible to do so.


I'm not sure who is confused here, but you can change the iTunes store country without even changing it on the account. In any case, I think you ran into a fundamental policy based on their licensing. Most content providers do IP to country checks to block content in countries they aren't supposed to sent it to, iTunes seems to do it differently and rely on the account country on setup.

Now I have no idea what is up with the country setting on this particular account, but it really has nothing to do with the fraud. The same fraud can happen on any country store and the fraudster just happened to want a certain country's iTunes store.

Quote:
Itunes demand credit card details from customers and then allow someone to hack the account.
How are they not responsible?


They aren't responsible for fraud on the credit card (neither is the customer, the bank is) and they are not responsible for your daughter's security.

They did not let someone hack the account, your daughter did.


Quote:
You are very wrong here robert. Good customer service demands that whoever is fixing the problem takes responsibility for fixing things and sets a time frame for doing so.


Demanding to know who a ticket is escalated to is stupid childish nonsense. Let them do their damn jobs! The customer service rep doesn't know who will pick it up on the next level or department it was escalated to, and it just wastes more of their time to make such demands and such demands do nothing at all to help any party.

Quote:
You've said before you are not great with customer relations. Maybe time to do some research


I'm not good with it because I have no patience for rude assholes. Not because I fail to understand how it works. I understand how it works well enough to know I lack the serenity for it.

Quote:
What ongoing beef was that?


You frequently bring up American nationality, you seem to have an ongoing beef with Americans to me.

Quote:
There are a small percentage of idiot americans, idiot australians and idiots in any other country you care to name.


You'll not find yourself bringing up any other nationality and idiots with the frequency with which you do so with Americans, do despite your disclaimer I suspect you have your reasons for attaching nationality to the American ones.

In this case, the nationality of the people involved is immaterial, but you saw fit to bring it up and I don't think it's coincidental that it's Americans again.

Quote:
I am posting here to alert other internet users that Itunes can be hacked and their personal details can be changed, credit card information stolen and that Itunes will do very little to assist, such as contacting police when asked to, such as providing access to the account such as not answering emails.


Any internet account can be "hacked" so it's not much of an alert. And iTunes did their job. The bank did their job. The customer suffered no monetary loss.

The rest is frustration being taken out on customer service reps who aren't responsible for the fraud, the policies they communicate to you, or the technology safeguards. It's unwarranted abuse of people who's job includes not rising to the immature bait.

Quote:
Got a pecuniary interest Robert?


Nope I don't own any stock in any company that I didn't found. I own no piece of any company and speak my mind about Apple without financial incentive. Do you really think I post all those negative things about them but then don't agree with you due to pecuniary interests? I think you are grasping at straws.

And I had my own frustrating experience with iTunes recently. They don't let you cancel any downloads. So when I decided to test their free TV shows on offer I got gigs and gigs of files added to my queue that I then found out you can't cancel without contacting their customer support (which took a while to understand what I wanted too).

I find that absolutely absurd, but I refrain from making sarky comments to the helpful folks tasked with dealing with frustrated customers like me. I know this policy is not their doing and I don't treat them like crap.

I've hired and managed customer service people before and I have a lot of respect for them and what they are able to put up with from people who think they are the center of the universe and that the customer service people are their emotional punching bags. They aren't allowed to make a snarky comment back or to reciprocate insults. So when the whole department stops responding to someone it usually means that the boss decided the customer was too much of an asshole to demand that the customer service folk keep answering and that ignoring is preferable to telling them so.

But if you just want some help Apple/iTunes bashing I'm game. I actually hate iTunes with a passion. I'm using it this year for the first time in my life because Apple forces me to use it to sync with an iPhone (which is otherwise pretty cool). It's a customer-hating company (Apple) in many ways (though not in customer service, theirs is actually pretty good) and I would never buy music from them (you can only play it on the Apple ecosystem) and I can't wait till their leadership in mobile applications is lost to a more open, less controlling company.
0 Replies
 
dadpad
 
  1  
Reply Thu 6 May, 2010 01:43 am
Good response Robert,
Especially this.
Quote:
The account wasn't hacked because of some hole in their system, it was likely hacked because of a weak password or weak security on her end (keystroke logger, network sniffing).

I'll pass that on.



0 Replies
 
dadpad
 
  1  
Reply Thu 6 May, 2010 01:54 am
Quote:
They don't let you cancel any downloads.

its included in their sales policy, somewhere amongst the multitude of text that we are supposed to read. cant say i blame you for not knowing.


Quote:
iTunes Store

TERMS OF SALE

AUSTRALIAN SALES ONLY

Purchases or rentals (as applicable) from the iTunes Store are available to you only in Australia. If you are not in Australia you may not use or attempt to use the service. iTunes may use technologies to verify such compliance.


The credit card used was my daughters, she is located in Australia. It was used (somehow) from a terminal in Luxemborg.
The country account was set to China.

I can view this as a breach of their terms of sale... or are terms of sale only applicable to customers? do companies not have top abide by their own terms of sale?
maryanddan
 
  1  
Reply Sat 8 May, 2010 03:21 pm
@dadpad,
Within the past week, my daughter downloaded the free Farm Story app from itunes. On May 7, I received 43 receipts for purchases from itunes. Purchases were for "gems" for Farm Story from Teamlava LLc. Also receive 43 emails from paypal confirming payments totaling over $4900 had been send to itunes. That's forty nine hundred!
In 2 1/2 years I have made a total of $35 in purchases at itunes, and neither paypal nor itunes thought this volume was suspicious.
Immediately contacted my bank which is my primary source of funding for paypal. They referred me to paypal, who in turn referred me to itunes who can only be contacted by email. At that time only $1600 in charges were shown as pending at my bank, so I thought that was the extent of the damage. In later contact with paypal, I was told I had a billing agreement with itunes which meant, simply accessing my itunes account enabled anyone to make purchases up to $5000 a month without ever entering my paypal password. I had been charged $4929.15 by itunes, but $3300 of it was ACH transfers that hadn't hit my bank account yet.
Later discovered that when selecting paypal as payment choice you are directed to paypal where you accept their billing agreement. Simply says you authorize them to make payments to itunes. Gives no dollar amount. Who would charge $5000/month on itunes? (The limit for ebay was $100,000.) Check your paypal and cancel these agreements.
Itunes has been absolutely no help at all. Basic form letter telling me to contact my bank and change my password. "They understand" my concern, but itunes can't reverse charges. Oh and "have a pleasant day". Further emails accomplished no more than wishing me "pleasant evening" and "a nice weekend".
From reading the web, this is standard itunes response.
This is not a $2.99 fraudulent charge. This is almost $5000 being paid to one app provider Teamlava LLC. When attempting to contact them, I find their website is a blank page, and the link to support leads to an email address. This app was posted on May 2, 2010. In 4 days they were able to make $5000 from me, and who knows how much from other itunes users, yet they are still available for download at itunes. That's how much concern itunes has for it's customers. Not sure what percentage of that $5000 itunes gets, but they are in no hurry to give it up.
Beware when dealing with itunes and Farm Story app.
I'm currently disputing the charges with paypal and my bank. Unfortunately the bank can't do anything until the money is taken out of my account. Seems like if someone could act quickly, this whole process could be stopped and the criminals caught. Itunes knows who they sending payments to, and where the purchases were made from.
Robert Gentel
 
  2  
Reply Sun 9 May, 2010 01:57 pm
@maryanddan,
Take away your itunes password from your daughter, iTunes did nothing wrong, here is what happened:

1) The app has "in app purchases" basically within the game your daughter spends real money to buy "gems" for the game.

2) Your daughter is spending a lot of your money, because she has your itunes password (she'd need it every time she charged). Take it away (by changing it and not giving it to her) and you solve the problem, this isn't "fraud", you gave your daughter control and she spent 5 grand.
0 Replies
 
Robert Gentel
 
  2  
Reply Sun 9 May, 2010 02:52 pm
@dadpad,
Those terms are licensing terms for their content providers who block distribution outside of specific regions, but that doesn't mean Apple is required to not charge from outside the region all the time (that would be very annoying for folks who travel).

For example, I have a US account (where my billing address is) but I have only used it from Costa Rica (I hate iTunes but had to start using it for the iPhone apps). Some of their licensing agreements require them to not distribute outside of the country where they gained such a license (because many distribution licenses are regional in old-world distribution systems and the company just doens't have the legal right to give a license for distribution outside the region) and that is what they are referencing.

They aren't obligated to enforce it except in cases where they lack a distribution license for the content. They put those terms there for those situations IMO.
CalamityJane
 
  1  
Reply Sun 9 May, 2010 04:24 pm
@maryanddan,
I don't think it is a wise idea to connect paypal to your bank account and you
should change this to a credit card. There you have much better resources
in case of a fraudulent charge.
0 Replies
 
dadpad
 
  1  
Reply Mon 10 May, 2010 07:13 am
@Robert Gentel,
Quote:
Those terms are licensing terms for their content providers

NO They are NOT licencing terms.
They are sales terms. Sales means consumers buying prouct or service.
You cannot buy from this store unless your billing address is in Australia. That is what it says. If that is not what it means then it is misleading to consumers.

[img]I have a US account (where my billing address is) but I have only used it from Costa Rica [/img]
Correct and that works your billing address (bank) is in US. In My case the card was (supposedly) located in Luxemborg. The Account country was set to china.
Of course the sales terms say MAY use technology to check. I am well aware of that the definition of MAY is we won't but we want you to think we will.

Experiment.
Can you change the country in your account to Costa Rica or Australia for that matter and still make a purchases?
0 Replies
 
dadpad
 
  1  
Reply Mon 10 May, 2010 07:22 am
Quote:
1) The app has "in app purchases" basically within the game your daughter spends real money to buy "gems" for the game.


If the charges are clearly spelled out I would not consider this fraud.

The game is free but "Gems" cost real money.
If the charges are hidden somehow be it in the fine print or not I consider it fraud.
This is similar to mobile phone services companies that advertise a free service however by using the free service you are actually signing on to a contract (check the fine print).

Companies should not be allowed to operate in this fashion. You can argue about it till you are blue in the face but it still should be outlawed.

anyone who posts after this owes me 5.00 per month
0 Replies
 
 

Related Topics

 
  1. Forums
  2. » ITunes account fraud and hijack
Copyright © 2017 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 08/20/2017 at 06:48:26