Just to let you know, I have started getting spurious and unexpected “you have failed to change your AppleID Password” mails again:
Subject: We’re Unable to Reset Your Apple Password
Date: Thu, 26 Jul 2007 13:29:05 +0000 (GMT)
Dear alec muffett,
We apologize but we were unable to verify your account information with the answers you provided to our security questions.
Because too many invalid attempts were made to answer these questions, you will not be able to reset your password for the next 8 hours.
If you need further assistance, please visit:
…and although it is hard to prove, the last time this happened was immediately prior to the one and only incident of “Identity Theft” that I have ever suffered – a bill for $38 from Verizon Wireless turned up on my VISA card a few weeks later.
I phoned them up to be greeted with a dialogue “If you are telephoning to query a debit on your credit card and you are not a Verizon customer, please press *2” – or somesuch, which filled me with dread.
My theory is that the crooks are milking AppleIDs – with their oh-so-friendly password recovery mechanism – for card meta-information, correlating it with stuff elsewhere, and then using it on the handful of traders who’ll accept dubious data for anonymous services.
I systematically randomised (eh?) all the information on my AppleID, so they’ll have a problem repeating that trick, but really:
If you receive an e-mail like the one above, if you’re an Apple customer then go and delete or randomise your personal information on their website ASAP. And complain to Apple.
Or watch your credit card bill; it’s your choice.