Identified Scam:

Beware of Fake Apple Phishing Emails: Don't Click Any Links

If you've been notified that your Apple ID has been locked, don't click the link in the email as this could be an attempt to steal your password.


Verified.org
Updated 9 April 2021
Beware of Fake Apple Phishing Emails: Don't Click Any Links
Share to
Identified Scam:

Key Finding

Fake Apple emails are being sent telling people their Apple ID or iCloud accounts are locked.


Key Risk

Scammers could buy Apple products using your saved credit card information and access your files, photos, and information saved in your iCloud account.

Sections on this page
  1. How the Apple Phishing Email Scam Works
  2. How to Beat and Avoid this Apple Phishing Email Scam
  3. Examples of Apple Phishing Emails
  4. Have You Fallen For This Scam?
  5. Frequently Asked Questions

Apple has built a solid reputation for its seemingly impenetrable security, but scammers still discover vulnerabilities. Recently, scammers have been targeting victims through an Apple phishing email scam that falsely claims that your Apple ID has been locked.

How the Apple Phishing Email Scam Works

In this Apple ID email scam, impersonators urge you to click the link provided in the fake email to verify or unlock your account.

If you've received an email like this, don't click any of the links! There's a good chance it's from a scammer looking to steal your account information. Fortunately, recognizing this Apple phishing email scam is simple. Here’s how it works.

1. You Receive an "Apple ID Locked" Email

First, the scammer scrapes an email list to discover Apple customers. Then, they target you with an email alerting you that your Apple ID has been locked for security reasons. This email will look real like it came from Apple.

Example Email

Dear Customer

Your Apple ID has been locked for security reasons. To unlock it, you must verify your identity. 

Unlock Account >

If you don't unlock your account before 24 hours, your account password will change automatically. 

Sincerely, 

Apple Support

2. The Apple Phishing Email Directs You to Click a Link

The email will request you click a link to verify your identity or to unlock your Apple account. There likely will be no contact information or a request to call a number—instead, they want you to click on one of the phishing links.

3. You Click the Link and Enter Your Login Information

Once you click the link, the scam will ask you to enter your Apple username and password (and potentially additional details) to verify and unlock your account.

4. The Scammer Steals Your Account Information

Once you enter your login information, it’s sent to the scammer. The scammer can then use your login to find your contact, payment, and security information. They can access your photos, documents, and any files you've stored in iCloud and order products using your saved credit card information.

How to Beat and Avoid this Apple Phishing Email Scam

Scammers use email phishing scams to access your sensitive account information. However, these emails are powerless if you know how to identify and avoid them.

This Apple ID email phishing scam can appear legitimate because so many other brands send similar emails. Account security is an ongoing concern for customers, so scammers capitalize on this fear with a meta scam about protecting yourself from scams.

Enabling 2-factor authentication on your Apple account will protect you even if you fall for this scam. This will block scammers from accessing your account even if they have your username and password.

Beat this Apple Phishing Email Scam

Beating this scam is simple—do not click the email link. If the email looks legitimate—and it more than likely will—log into your Apple account by accessing the site directly from your web browser rather than clicking on the link.

This will ensure that you’re visiting the actual Apple site and not a fake phishing website.

If you receive an email from Apple (or at least looks like it’s from Apple) saying your Apple ID is locked, delete the email and check your account by typing "https://appleid.apple.com/" directly into your web browser and logging in there.

Contact Details

Apple


Phone: 1-800-275-2273
Website: https://www.apple.com
Contact page: https://support.apple.com/contact

Verified.org

Verified Contact Details

It's important to verify links and contact details to beat imposters.

Identify an Apple Phishing Email

Scammers are getting better at sending imposter emails, but there are a few tell-tale signs that should be immediate red flags. If you've received an email from Apple or Apple Support, here's what to pay attention to:

  • Sender’s email address
  • Personalization
  • Link destinations
  • Grammar
  • Contact information

If you're not 100% convinced it's a valid email from Apple, then forward the email to [email protected]. Apple states that you should only update your account or payment information on Apple's website or through your iOS device, so avoid any email or website that asks you to do otherwise.

Verify the Sender

Scammers will try to use an email name and address that impersonates Apple, but they can't completely mimic the real thing. Apple ID account emails will always come from [email protected] If an email about your Apple ID comes from any other email address, it's likely a scam.

An email "from" name may claim to be Apple Support, but you can double-click the name to check the actual sending address.

Look for Personalization

Apple knows all of your account information, so they won't send general emails to your account saying, "Dear Customer." They'll know your name, and they'll also be able to identify the exact details that led them to flag suspicious behavior that might have put your account at risk.

Look to see if the email uses your real name or billing address. Apple will have access to this information, whereas scammers will likely not.

Double-Check the Link URLs

Hover over the email links to see what URLs they lead to—you don't need to click an URL to discover its end destination. If they lead anywhere besides apple.com or icloud.com, then that should be an immediate red flag.

All links regarding your ID should go to https://appleid.apple.com/. Don't click any links or even slight variations of this URL.

Safety Tip

If you've clicked the link, don't worry. The scammers will only be able to steal your information if you enter it on the fake Apple site. Only trust Apple sites that have apple.com or icloud.com as the main URL.

Be Wary of Grammar Errors

Apple is a publicly traded company—they're not likely to send automated emails filled with typos and spelling or grammatical errors. If you see apparent misspellings and errors, there's a good chance the email is a scam.

Inspect Contact Information

Apple typically directs all customer support-related issues to their phone lines. If a phone number isn't listed in your Apple email, that should be an immediate red flag.

However, some of the Apple phishing emails direct you to calls a number rather than click on a link to steal your account information, so be wary with your customer support calls, too.

How to Avoid This Scam

  • Use two-factor authentication: Always protect your account with two-factor authentication (or 2FA) to give yourself an extra layer of protection. Keep your contact information secure and up to date to avoid 2FA issues. You can set up 2FA by going into your Apple ID settings and turning it on.
  • Never share personal information: Apple will never ask for your full credit card number, Social Security Number, passwords, or mother's maiden name. If any email, site, or customer support representative from Apple requests this information, do not provide it.
  • Only update information on Apple.com or an iOS device: If you receive a message telling you to verify or unlock your account, go straight to https://appleid.apple.com/ or your iOS device to log in to your account. If there's an issue, you'll see a message or notification there, too.
  • Don't follow links or open attachments: If you're suspicious of an email, don't click any links or open attachments to do some investigating. Forward the email to [email protected], and then mark the message as spam. Deleting the message will only take it out of your inbox, but marking it as spam will discourage your inbox service provider from sending future emails from that address to you.
  • Contact Apple directly: If you're concerned about your account security or suspicious behavior, give Apple a call on 1-800-275-2273. They'll be able to look through your account information, activity, and messaging to verify the authenticity of any email claim.
  • Watch out for copycat websites: Scammers will direct you to a lookalike site that likely mimics Apple's website. Double-check the URL and contact information to ensure you're on Apple's legitimate website.

Examples of Apple Phishing Emails

Apple phishing emails come in many forms, with some more convincing than others. It's important to know what to look for in a scam email to keep your information safe. Remember, if you're ever unsure if an Apple email is legit, don't click on any links.

Example of an Apple phishing email
Tell-tale signs of an Apple phishing email include typos and poor design.

Some scammers are even getting sneakier, adding a trusted sender banner to the top of the email to make you think it's legit. Make sure you check the sender's email address and confirm it's actually from Apple before clicking on any links. 

Example of Apple phishing email
Always check the sender's email address to confirm it's actually from Apple. (Source: Which? Conversation)

Although some Apple phishing emails can be extremely convincing, one of the first signs of a scam is "Dear Customer." Emails from Apple will address you by your name and not something generic like "Customer."

Example of Apple phishing email
Apple emails will address you by your name and not "Customer." (Source: KHQ)

Have You Fallen For This Scam?

If you've fallen for this scam, all is not lost. You can still take immediate action to protect your account from scammers.

1. Change Your Account Login

If you believe you've fallen for a scam, change your Apple ID password immediately (and if you haven't yet, enable two-factor authentication).

Review all the contact and security information in your account to ensure it's all correct. If a scammer gets access to your account, they will try and change this information as quickly as possible. However, they likely won't initiate a password reset since they'd need access to your email address to confirm the change.

2. Disable Unrecognized Devices

On your iOS device, open up your Settings and click on your name. Scroll down, and you should be able to see a list of all devices that have access to your Apple ID.

If you don't recognize a device, tap on it to learn more. This will show you the device's information, including:

  • Model number
  • OS version,
  • Whether it's a trusted device

If you're suspicious of a device, click "Remove Account" to remove it from your ID. This will prevent that device from having access to your account. However, you'll need to change your account login information to prevent them from getting access again.

3. Contact Your Financial Institutions

Your Apple ID likely contains information to use your bank accounts and credit cards. Even if you haven't seen any suspicious activity yet, it's a good idea to give your credit card companies and banks a heads-up that your accounts might be in danger.

They may recommend proactively canceling and replacing the card linked to your Apple account to prevent potential theft.

4. Call Apple Support

Apple doesn't have a publicly-listed email address you can use, but you can give Apple a call at 1-800-275-2273 or start a live chat with Apple Support online.

Let them know your situation and ask for additional help to ensure your account is secure.

You should also forward the email to [email protected]

Frequently Asked Questions

How do I report an Apple phishing email?

Report Apple phishing emails by forwarding them to [email protected] This won't protect your account but will alert Apple to the scam.

Can Apple computers and iPhones get these phishing attacks?

This Apple scam can be sent to you regardless of what kind of computer or cell phone you use. As long as you have an Apple ID or iCloud account, you can be a victim of this phishing scam.

How do I stop phishing emails?

Unfortunately, there's no way to stop scammers from sending you emails completely. To minimize how many phishing emails you receive, you can block and report scam emails and report phishing emails to Apple.

About This Article

Share This Article to Help Others

Comments