I Was iPhished! How This Geek Got Hacked!

I pride myself on internet security.  I can spot a phishing e-mail in a flash, know how to build and use strong passwords and have security on my network that makes my ISP techs proud. So how in the heck did I manage to have $284.22 stolen from my PayPal account?
That’s what I asked myself at 7:00 am this morning when I received an e-mail from PayPal telling me my account had been limited due to some suspicious charges.
Being the geek I am, I monitor my accounts ‘like a hawk’ as my Papa used to say. I immediately noticed eight iTunes purchases in varying amounts, mostly for gift cards. Not cool. Luckily PayPal recognized that my iTunes history is never that extensive and took precautions. But I was freaking out (still am!). How in the world did someone get access? I logged into my iTunes account and sure enough, there in my purchase history were 9 items all purchased at around 5:30 am. One was a free game/app called Kingdom Conquest, the rest were gift cards. Whoa!

So how did someone get into my iTunes account?

Although I’m not exactly sure, through a process of elimination I’ve narrowed it down to my new iPhone. Yup... that’s right. The geeky girl who takes security precautions like nobody’s business got tripped up by her fun new smart phone. My excitement over apps and my infatuation with my iPhone caused me to be less than vigilant. I believe I was most likely prompted for my Apple ID by an unscrupulous party or app and didn’t recognize it as being out of place. Naively I gave someone the password to my iTunes account thinking I was just doing the normal authorization process for the App Store to do an update.
What happened to my normal vigilance? I fell victim to something I’m sure many people do: I forgot that the iPhone is more like my computer than a phone. In fact, the very thing I love about the iPhone is what opened me up to this attack. The fact that it’s ‘connected’ to everything and anything I may want to learn, do or ask.

Because it’s my ‘phone’ I subconsciously viewed it as secure. After all, it’s in my purse or on my desk.  I’ve never had a phone that was quite this connected before so I failed to identify the risks the same way I do with e-mail and the web. Stupid, but probably something that many people fall victim to.
Although it’s been rather nightmarish this morning I consider myself lucky on several things:

1. My iTunes account was linked to PayPal and not an actual bank account. Although it may take a few days, I’m pretty confident that Apple and PayPal will get the funds back in my account. (and trust me, I’ll let you know if they don’t.)
2. Although I was silly enough to have a pretty simple password for my iTunes account, I was smart enough to use a unique password there. None of my other accounts carry the same one, so I didn’t have to worry about someone gaining access to anything else.
3. The fact that I monitor my accounts to the point of OCD means that I was on the phone with Apple and PayPal by 7:30 this morning, a mere two hours after the charges were made. I’m hoping that helps to not only resolve my issue, but to catch the person responsible.

This has been an eye-opening experience for me, someone who thought they had all the security issues covered, and that’s why I’m sharing it with all of you. If my short-sightedness can help just one new iPhone owner avoid having the same thing happen to them, it’s worth the embarrassment of admitting it happened to me.


Tina Marie Hilton provides online technology services to forward thinking businesses. She writes on her Tips from T.Marie business blog to share insight and information with other small businesses and entrepreneurs. It also makes her feel like that certificate in creative writing isn't going to waste completely.