- How the Apple Phishing Email Scam Works
- Red Flags of Fake Apple Phishing Emails
- How to Beat This Apple Phishing Email Scam
- Have You Fallen For This Apple Phishing Email Scam?
- Frequently Asked Questions
Apple has built a solid reputation for its seemingly impenetrable security, but scammers still discover vulnerabilities. Recently, scammers have been targeting victims through an Apple phishing email scam that falsely claims that your Apple ID has been locked.
How the Apple Phishing Email Scam Works
In this Apple ID email scam, impersonators urge you to click the link provided in the fake email to verify or unlock your account.
If you've received an email like this, don't click any of the links! There's a good chance it's from a scammer looking to steal your account information. Fortunately, recognizing this Apple phishing email scam is simple. Here’s how it works.
You Receive an "Apple ID Locked" Email
First, the scammer scrapes an email list to discover Apple customers. Then, they target you with an email alerting you that your Apple ID has been locked for security reasons. This email will look real like it came from Apple.
Example EmailDear Customer
Your Apple ID has been locked for security reasons. To unlock it, you must verify your identity.
Unlock Account >
If you don't unlock your account before 24 hours, your account password will change automatically.
Sincerely,
Apple Support
The Apple Phishing Email Directs You to Click a Link
The email will request you click a link to verify your identity or to unlock your Apple account. There likely will be no contact information or a request to call a number—instead, they want you to click on one of the phishing links.
You Click the Link and Enter Your Login Information
Once you click the link, the scam will ask you to enter your Apple username and password (and potentially additional details) to verify and unlock your account.
The Scammer Steals Your Account Information
Once you enter your login information, it’s sent to the scammer. The scammer can then use your login to find your contact, payment, and security information. They can access your photos, documents, and any files you've stored in iCloud and order products using your saved credit card information.
Red Flags of Fake Apple Phishing Emails
Apple phishing emails come in many forms, with some more convincing than others. It's important to know what to look for in a scam email to keep your information safe. Remember, if you're ever unsure if an Apple email is legit, don't click on any links.
Be Wary of Grammar Errors
Apple is a publicly traded company—they're not likely to send automated emails filled with typos and spelling or grammatical errors. If you see apparent misspellings and errors, there's a good chance the email is a scam.
Inspect Contact Information
Apple typically directs all customer support-related issues to their phone lines. If a phone number isn't listed in your Apple email, that should be an immediate red flag.
However, some of the Apple phishing emails direct you to calls a number rather than click on a link to steal your account information, so be wary with your customer support calls, too.
Some scammers are even getting sneakier, adding a trusted sender banner to the top of the email to make you think it's legit. Make sure you check the sender's email address and confirm it's actually from Apple before clicking on any links.
Look for Personalization
Apple knows all of your account information, so they won't send general emails to your account saying, "Dear Customer." They'll know your name, and they'll also be able to identify the exact details that led them to flag suspicious behavior that might have put your account at risk.
Look to see if the email uses your real name or billing address. Apple will have access to this information, whereas scammers will likely not.
Although some Apple phishing emails can be extremely convincing, one of the first signs of a scam is "Dear Customer." Emails from Apple will address you by your name and not something generic like "Customer."
How to Beat This Apple Phishing Email Scam
Scammers use email phishing scams to access your sensitive account information. However, these emails are powerless if you know how to identify and avoid them.
This Apple ID email phishing scam can appear legitimate because so many other brands send similar emails. Account security is an ongoing concern for customers, so scammers capitalize on this fear with a meta scam about protecting yourself from scams. Use the below tips to avoid this scam in the future:
- Use two-factor authentication: Always protect your account with two-factor authentication (or 2FA) to give yourself an extra layer of protection. Keep your contact information secure and up to date to avoid 2FA issues. You can set up 2FA by going into your Apple ID settings and turning it on.
- Never share personal information: Apple will never ask for your full credit card number, Social Security Number, passwords, or mother's maiden name. If any email, site, or customer support representative from Apple requests this information, do not provide it.
- Only update information on Apple.com or an iOS device: If you receive a message telling you to verify or unlock your account, go straight to https://appleid.apple.com/ or your iOS device to log in to your account. If there's an issue, you'll see a message or notification there, too.
- Don't follow links or open attachments: If you're suspicious of an email, don't click any links or open attachments to do some investigating. Forward the email to [email protected], and then mark the message as spam. Deleting the message will only take it out of your inbox, but marking it as spam will discourage your inbox service provider from sending future emails from that address to you.
- Contact Apple directly: If you're concerned about your account security or suspicious behavior, give Apple a call on 1-800-275-2273. They'll be able to look through your account information, activity, and messaging to verify the authenticity of any email claim.
- Watch out for copycat websites: Scammers will direct you to a lookalike site that likely mimics Apple's website. Double-check the URL and contact information to ensure you're on Apple's legitimate website.
Enabling 2-factor authentication on your Apple account will protect you even if you fall for this scam. This will block scammers from accessing your account even if they have your username and password.
Don't Click on Suspicious Links
Beating this scam is simple—do not click the email link. If the email looks legitimate—and it more than likely will—log into your Apple account by accessing the site directly from your web browser rather than clicking on the link.
This will ensure that you’re visiting the actual Apple site and not a fake phishing website.
If you receive an email from Apple (or at least looks like it’s from Apple) saying your Apple ID is locked, delete the email and check your account by typing "https://appleid.apple.com/" directly into your web browser and logging in there.
Apple
Website: https://www.apple.com
Contact page: https://support.apple.com/contact
It's important to verify links and contact details to beat imposters.
Verify the Sender
Scammers will try to use an email name and address that impersonates Apple, but they can't completely mimic the real thing. Apple ID account emails will always come from [email protected]. If an email about your Apple ID comes from any other email address, it's likely a scam.
An email "from" name may claim to be Apple Support, but you can double-click the name to check the actual sending address.
Double-Check the Link URLs
Hover over the email links to see what URLs they lead to—you don't need to click an URL to discover its end destination. If they lead anywhere besides apple.com or icloud.com, then that should be an immediate red flag.
All links regarding your ID should go to https://appleid.apple.com/. Don't click any links or even slight variations of this URL.
Safety Tip
If you've clicked the link, don't worry. The scammers will only be able to steal your information if you enter it on the fake Apple site. Only trust Apple sites that have apple.com or icloud.com as the main URL.
Have You Fallen For This Apple Phishing Email Scam?
If you've fallen for this scam, all is not lost. You can still take immediate action to protect your account from scammers.
Change Your Account Login
If you believe you've fallen for a scam, change your Apple ID password immediately (and if you haven't yet, enable two-factor authentication).
Review all the contact and security information in your account to ensure it's all correct. If a scammer gets access to your account, they will try and change this information as quickly as possible. However, they likely won't initiate a password reset since they'd need access to your email address to confirm the change.
Disable Unrecognized Devices
On your iOS device, open up your Settings and click on your name. Scroll down, and you should be able to see a list of all devices that have access to your Apple ID.
If you don't recognize a device, tap on it to learn more. This will show you the device's information, including:
- Model number
- OS version,
- Whether it's a trusted device
If you're suspicious of a device, click "Remove Account" to remove it from your ID. This will prevent that device from having access to your account. However, you'll need to change your account login information to prevent them from getting access again.
Contact Your Financial Institutions
Your Apple ID likely contains information to use your bank accounts and credit cards. Even if you haven't seen any suspicious activity yet, it's a good idea to give your credit card companies and banks a heads-up that your accounts might be in danger.
They may recommend proactively canceling and replacing the card linked to your Apple account to prevent potential theft.
Call Apple Support
Apple doesn't have a publicly-listed email address you can use, but you can give Apple a call at 1-800-275-2273 or start a live chat with Apple Support online.
Let them know your situation and ask for additional help to ensure your account is secure.
You should also forward the email to [email protected].
Comments