I’ve been the victim of fraudulent activity at the iTunes Store in the past couple of weeks. A total of $540 was stolen in the form of many false and repeated purchases of the same two apps.
I’ve found that the Itunes Store has poor security precautions for people like me, who set up PayPal as their payment option (it is no longer, I assure you), which has the benefit of allowing for instant purchases, but unfortunately, has the side effect of making it easy for a “hacker” (my uneducated word for someone who has breached my personal information) to sneak in through a trojan somewhere (in one of the apps I downloaded, very likely), and having their way with my account.
I found Apple Support to be very lacking, in their accessibility to report these fraudulent charges, and their way of solving the problem. I had to dig deep to find a web form to report these charges, and an entire 24 hours between communication emails. The gentleman I talked to the first time was very polite and flattering, but did very little to actually address my problem. After being admonished, “Our policy is not to give refunds for purchases,” he was *cough* nice enough to refund the money.
Because PayPal pulled the money right out of my bank account (I’m finding the lack of checks and balances between iTunes, PayPal, and bank very disturbing), my bank was grossly overdrawn, and I am bidden to pay the overdraft fees not only for these fraudulent charges, but also for the other legitimate bills that were coming in and incurring more fees for the lack of funds. PayPal was holding my refunded funds from Apple, but that takes four days for the money to get “redownloaded” to my bank, where I feel it is most secure.
I changed passwords and security questions at all aforementioned websites, chose a new PIN for my debit card, computer, and iPad, and of course talked to the bank, who was entirely unsympathetic to my plight (I used the word fraud, they dismissed it). Also, when Apple hears the word “fraud” associated with your account, they disable it. It takes another email to consent for it to be reenabled. I was willing to put up with that minor inconvenience, in order to get my account unlocked.
And then it happened again. 14 charges for the same app, with a slightly different app name than before, but similar enough that I knew it was the same joker. Again I dug around the Apple site looking for the customer service form. Again PayPal pulled money out of my bank. Again my bank gave me overdraft fees. Like I wrote before, the final damage was $540 between the fraudulent purchases, and the fees associated with them. Again my account was locked down. The moment I saw that it was happening again, I removed my PayPal information from Apple, and removed my bank information from PayPal. I changed passwords and logins again. I talked to the bank again. I have to pay those fees.
This has created a hardship that will be difficult to recover from. One, my iPad is an unusable brick. Two, I can’t use my bank account until I take care of the charges. Three, I’m not able to make online purchases. Four, I get paid for my webwork through online means which are now disabled.
So if I’m a bit quiet here, I do apologize, I’m dealing with stuff.
Word to the wise, if you have payment options linked up to your Apple account, disable them immediately. The Apple website and the iTunes Store are not secure, and even in changing passwords and other secure items, you are still vulnerable to attack. As you want to purchase an app or make an online purchase for your iOS device, THEN link them up, and upon completion of purchase, UNLINK them again.
*sighs* Now to figure out how to pull $540 out of my ass, or to figure out how to pinpoint exactly who made those purchases and go after them.
Oh, and this is not an isolated issue.