- New phishing scam looks like an official email from Apple
- Links to fake Apple login screen that will steal your credentials
- Double-check that the email comes from an Apple.com address
Scammers are always trying new tactics to steal your personal information. The latest phishing scam is no exception: cybercriminals are sending out emails which appear to be from Apple, claiming that your Apple ID is suspended, requiring urgent action.
The email, which appears convincing, demands that you take action to recover your suspended Apple ID (which has been rebranded as your ‘Apple Account’ from iOS 18). Clicking the link in the email will take you to a fake Apple login screen. If you enter your details here, hackers will steal your credentials and potentially be able to gain access to your Apple account.
Depending on how securely your Apple account is set up, your username and password could allow these cybercriminals to make fraudulent purchases with your saved payment methods. They could also give them access to personal data, such as files and photos saved in your iCloud account.
The scam relies on all of the techniques used in classic phishing scams. The email is designed to look exactly like an official email from Apple, with logos, colors and fonts that make it highly believable. This consistency is intended to gain your trust.
The account alert also causes an emotional response. You might experience fear or panic at the thought that your Apple ID has been suspended. This is the hook that could cause you to act. The scam combines this with a sense of urgency, requiring you to act quickly to recover your account. The idea behind this is to make you act hastily, overlooking any inconsistencies in the email.
Don’t take the bait
With more than two billion active Apple devices worldwide, it’s no surprise that scammers are targeting users of these products. Whether you own an iPhone, an iPad, a MacBook or something else, an Apple ID is your key to the Apple ecosystem. If this is compromised, cybercriminals can potentially access a trove of your data.
This isn’t the first Apple ID scam we’ve seen: earlier this year we reported on an SMS attack which attempted to steal user details. With phishing attacks becoming increasingly common, complex and harder to detect, particularly with the use of artificial intelligence, we don’t expect Apple ID (or Apple Account) scams to go away any time soon.
TL;DR How to stay safe
1. Check the email’s address (Apple emails will end in ‘@email.apple.com’).
2. Watch out for inconsistencies in the email (like grammatical errors).
3. Remember that Apple will never ask you to log in to a website.
4. Turn on two-factor authentication for extra security.
There are a few things you can do to keep yourself and your Apple ID secure. First, whenever you receive an email about your Apple ID, check the address that the email has been sent from. If it’s a genuine email from Apple, the sender’s address will end in @email.apple.com. If it doesn’t, it’s almost certainly fraudulent.
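For readers who filter mail with a script, here is the sender check above written as code. This is an added example, not code from Apple or from this article. It shows why simply searching the From line for "@email.apple.com" is not enough, and assumes that the Authentication-Results header was added by your own mail provider. All sample messages and addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# The sender domain the article gives for genuine Apple account mail.
TRUSTED_DOMAIN = "email.apple.com"

def naive_check(raw):
    """Weak: a substring match also hits display names and lookalike domains."""
    return "@" + TRUSTED_DOMAIN in message_from_string(raw).get("From", "")

def from_domain(from_header):
    """Domain of the real address in From, with the display name discarded."""
    _name, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or "@" in local:
        return None
    return domain.lower().rstrip(".")

def dmarc_passed(msg):
    """True if Authentication-Results reports dmarc=pass.
    Assumption: this header was written by your own mail provider."""
    results = msg.get("Authentication-Results", "")
    return any(p.strip().lower().startswith("dmarc=pass")
               for p in results.split(";"))

def looks_genuine(raw):
    """Exact domain match on the real address AND a DMARC pass."""
    msg = message_from_string(raw)
    return from_domain(msg.get("From", "")) == TRUSTED_DOMAIN and dmarc_passed(msg)

def make(from_header, dmarc):
    """Build a constructed sample message (not a real email)."""
    return (f"Authentication-Results: mx.example; dmarc={dmarc}\n"
            f"From: {from_header}\n"
            "Subject: Your Apple ID is suspended\n\nbody\n")

# Constructed samples; .example is a reserved, non-routable domain.
SAMPLES = {
    "genuine": make("Apple <sample-sender@email.apple.com>", "pass"),
    "display_name": make('"appleid@email.apple.com" <alert@account-notice.example>', "pass"),
    "lookalike": make("Apple <appleid@email.apple.com.account-notice.example>", "pass"),
    "forged_from": make("Apple <sample-sender@email.apple.com>", "fail"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} naive={naive_check(raw)!s:5} strict={looks_genuine(raw)}")
```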
Secondly, you should also check the email thoroughly for inconsistencies. Look for spelling mistakes, grammatical errors and formatting issues, all of which are tell-tale signs of a fraudulent email.
As a general rule, you should view account alert emails with a healthy dose of suspicion. Apple has published an article about how to stay safe from scams, in which it offers the following advice: “If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it’s safer to presume that it’s a scam — contact that company directly if you need to.”
Apple also makes clear that it will never ask you to log in to a website, provide your passcode or bypass two-factor authentication. If an email is asking you to do any of these things, you know that it’s a scam.
If you believe that an email you’ve received about your Apple ID isn’t authentic, don’t click any links contained in it. Instead, you can forward this email to reportphishing@apple.com, then mark the message as spam.
If you believe your Apple ID has been compromised, you should change your password by heading directly to the Apple website. It’s also best practice to turn on two-factor authentication, which will make it much harder for hackers to access your Apple account, even if they have your username and password.