Special Report: Downloadable Danger

Kimberly Pullis loves music.

Kimberly Pullis, Fraud Victim
"All kinds, disco, 80's mostly, my husband laughs at me. I love 80's music!"

So when she got an iPod she knew exactly what to do.

Kimberly Pullis, Fraud Victim
"Signed up for iTunes, that's where you're supposed to get your music when you have an iPod."

To make her payments easily, she registered her PayPal account with iTunes.

Kimberly Pullis, Fraud Victim
"Anytime I purchased a song or whatever, it would be taken directly from my PayPal account."

It seemed like a good idea.

Kimberly Pullis, Fraud Victim
"You plug in, you download, you're good to go."

Until one day, she noticed something was not right.

Kimberly Pullis, Fraud Victim
"I came home, checked my email as I always do, and noticed that there were two fifty dollar charges out of my PayPal account, and thank you notices from iTunes for purchasing those two gift cards."

Kimberly says she never bought any iTunes gift cards. That's when she says, she knew she had been ripped off!

Kimberly Pullis, Fraud Victim

"If my iTunes account was hacked, and they used my PayPal account, which was attached to that account, was used for a hundred, I can't imagine how many thousands of dollars have been ripped off."

And she found out she was not alone! A simple search online turns up dozens and dozens of complaints from people saying the same thing, fraudulent charges on PayPal, bank accounts, or credit cards, all directly linked to their iTunes account.

We want to be clear: iTunes isn't doing anything wrong here. Any website is vulnerable to this kind of hacking. Because iTunes is such a popular site, cyber criminals know there is an almost limitless number of accounts to target.

Cyber security experts explain this kind of fraud is gaining popularity, because gift cards can't be traced. And any website that allows people to set up a direct payment plan is vulnerable. But because so many people use iTunes, it's a prime site for thieves.

Leonid Reyzin, Boston University
"Hackers have caught on and there is a good market for those, for those gift cards so they can make money off of it."

Here's how the scheme works: When you buy a gift card online you receive a "code" to redeem the value. Cyber thieves then sell these codes on-line at discounts and pocket the money, while you get the bill.

Robert Siciliano, Internet Security Expert
"A hundred dollar gift card that is stolen from your account that is resold for 25 bucks is pure profit for the criminal."

When we contacted Apple, they wouldn't talk about the alleged fraudulent charges on iTunes accounts, but they suggested if you are a victim of credit card fraud, or concerned for your online security, it's a good idea to change your iTunes password.

Another way to try and protect yourself, don't store your payment information as part of your online accounts. Only supply the information when you are making a purchase.

That's a lesson Kimberly learned the hard way.

(Copyright (c) 2009 Sunbeam Television Corp. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)