Two companies that are highly regarded in the business of delivering information digitally were ensnared in high-profile e-mail escapades Wednesday.
The separate incidents involved phony or mistaken billing e-mails landing in the inboxes of some Apple computer users and New York Times subscribers.
Some Apple users reportedly got fraudulent e-mails in recent days seeking personal information and credit-card numbers, according to a blog published by a company that sells Macintosh security software.
The New York Times accidentally sent e-mails hoping the recipients would reconsider their decisions to stop delivery. The appeal included a 50 percent price discount as a sweetener.
That e-mail, however, was intended for only about 300 people who had indicated they would end their subscriptions - not the approximately eight million who received it, a Times spokeswoman told Bloomberg News. The e-mail addresses had previously been supplied to the Times. By the end of the day, in between its own Twitter postings, the newspaper figured out its miscue and sent an apologetic note to subscribers.
Apple, meanwhile, did not respond to requests for comment on the reports that scammers had sent fraudulent billing e-mails to customers.
Intego, a company that produces security software for Apple's Macintosh computers, posted a note on its security blog telling readers to beware of e-mail that appears to be from Apple and seeks updates on identification and credit-card information.
"A vast phishing attack has broken out, beginning on or around Christmas Day, with e-mails being sent with the subject 'Apple update your Billing Information,' " the Intego blog said. "These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from "email@example.com.";
As with any suspect e-mail, recipients should not click on any link and not provide information.
Intego offered this advice:
"The first rule of thumb is to move your cursor over the link in the message and wait for a tooltip to pop up." (In this case, instead of an apple.com address in the URL, there were numbers.) "Always look at the part right after the http:// in the URL. If it's not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it's bogus."