This article explains how you recognize and avoid phishing scams. More specifically, the focus of this article is how you can tell if a message from “Apple” requesting information is really from Apple, iTunes, iCloud, App Store etc.
This article provides an overview of phishing attacks targeting Apple users. Scammers use emails or text messages to trick you into giving them your Apple ID information. Phishing emails look so real that it could be difficult to recognize if they are authentic or not.
The bad news is that, unfortunately, phishing is fairly common. The good news is that, however, you can easily spot fake Apple account scam emails and messages.
See also: Your Apple ID Disabled Error, Fix
How to recognize fake Apple emails or texts
Apple may send you emails. These can be about your receipts, new products, or account changes and/or concerns. For example, you can change your Apple ID password from your Apple ID account page at https://appleid.apple.com. And once you change your password, you will get an email saying “your Apple ID information has been updated.”
Apple emails or messages NEVER:
- Include attachments, or ask you to open an attachment
- Say they’ve noticed some suspicious activity or there’s a problem with your Apple account or your Apple ID payment or card information
- Say your Apple ID is disabled/locked/deactivated or will be disabled/locked/deactivated.
- Ask you to update your account details
- Say you must confirm your Apple ID and account
- Include generic greeting (like Hi Dear, Dear Customer, Dear Apple Customer, etc), (instead, most Apple emails include your real name like “Dear Kurt Serhat”). (Also note that real Apple receipt emails include your actual billing address)
- Include bad grammar or spelling
- Ask personal/sensitive information; such as Apple ID password, credit card numbers, credit card CCV codes, social security numbers, etc; by email
- Contain dubious links or shortened URLs and URLs don’t match the address of Apple’s website
- Looks unprofessional
Also, check that who sent the email. Are they from Apple (apple.com, icloud.com, etc)? Email addresses can be spoofed. You can go to Mail > View > Message > Show all Headers to see more.
See also: “APL*ITUNES/BILL”, What Is This?
If you receive an email or text containing any of the above elements, then you can surely say that it is an Apple ID account scam, even though they may look like they’re from Apple.
Fake Apple email examples
This email is fake. Here is how we can tell:
- Notice the poor grammar
- Apple emails never include attachment files.
- Apple’s account-related emails never include generic greeting
- As you can see, this email was sent to you and 485 other people. Apple never does that.
This is also not authentic because:
- The email has a generic greeting: Dear Apple Customer
- The email asks you to confirm your account
- The email has spelling errors: it says apple (should be Apple)
This is also fake because:
- Authentic Apple messages never say your account is disabled/restricted
- As you can see, the URL does not belong to Apple
- Apple emails never ask you to confirm something
This is also a phishing attempt”, because
- Apple never asks you to open an attachment
- It is generic (Dear Customer)
- Poor Grammar
Tips to avoid Apple phishing attempts
- Do not open attachment from unknown senders
- Keep your iOS and macOS devices up to date
- Enable and use two-factor authentication
- Do not respond to scam messages or emails
How to report these fake emails
If you receive such emails, please forward them to firstname.lastname@example.org and email@example.com (The Federal Trade Commission). You can also report spam to www.ftc.gov/complaint.
If you have been the victim of a phishing scam already, change your Apple ID password immediately. You can do so:
- On your iPhone and iPad: Go to Settings > [your name] > Password & Security > Change Password.
You can also do that online by going to the Apple ID account website.
If you are unsure about it, you can always contact Apple support.