You may be familiar with the concept of “phishing”, an increasingly complex form of cyber-attack. The tactics used involve sharing disguised links, usually included in emails, to trick you into providing sensitive information to malicious individuals.

Phishing is one of the most common types of online attacks and embodies social engineering tactics.

And what’s even more frightening is that even people who lack advanced programming skills can access phishing kits on the dark web and as a result, they can easily target you.

If you are completely new to this topic and would like to learn more, we encourage you to access our complete guide on phishing to understand what it is, how it works, and how you can protect yourself against it:

In this article, we are going to take a closer look at phishing attempts involving Apple IDs.

Today there are over 1.4 billion active Apple devices, which require Apple IDs to gain access to Apple services like Apple Music, App Store, iCloud, FaceTime, iMessage, and others. Also, think about the fact that you don’t even require an Apple device to access Apple-related software or services, such as iTunes or log in to Apple’s official website, so imagine the number of people who can be targeted.

Why are scammers trying to steal your Apple ID?

The reason is obvious – your Apple ID is your ticket to using anything Apple-related and stores a great deal of personal information.

  • You use your Apple ID to log in to your Apple devices – think Mac, iPhone, iPad, iPod, Apple TV, and in the future you might even be using it for your Apple self-driving car, according to recent rumors.
  • It includes your payment and shipping information for purchasing applications from the App Store and devices by logging in to Apple.com.
  • With the Apple ID you can access your security settings, subscriptions, and in-app purchases associated with it.
  • Your Apple ID is used to access iCloud, where you can store your photos and any types of files and the theft of these can lead to blackmailing and even sextorsion.

How fraudsters trick you into visiting Apple ID phishing websites

There are many forms of Apple ID phishing attempts out there.

In this article, we’re going to give you some examples so you get a sense of what they can look like and be better prepared against them.

1. Apple ID Receipt Order Email

In the subject line of this email, you will find included something like “Receipt ID”, “Receipt Order”, or “Payment Statement”.

The purpose of this scam is to trick you into thinking a payment has been made using your credit card. As a result, you may hurry into canceling the order, worried that your money has been taken. If the attached file is opened or if you click the link, most probably you will end up on a page where you will be asked to confirm your personal details, such as password, credit card details, address, etc.

One of our colleagues here at Heimdal Security came across this Apple ID phishing attempt multiple times.

This is how the email looked like:

Notice the sender and email recipient. Both lines look suspicious and they are clearly not from Apple.

The attachment included was an editable Word file – a reputable source like Apple would never send you something like this.

image1 5

We opened it and here’s what it looked like:

image8 2

When we hovered the mouse over the link, we noticed it would not redirect us to Apple’s website.

image5 2

Thor Foresight blocked the page, warning us of the phishing attempt and malicious content.

image10 2

Using DarkLayer GUARD and Threat to Process Correlation (TTPC), it instantly identified and stopped the attack process.

image9 2

Warning: You should not try to open any malicious or suspicious links you receive, especially when you don’t have any anti-malware solutions installed on your device!

You may not have been fooled by this specific example since it doesn’t look like it came from a legitimate source. However, there are other Apple ID fake receipts that may seem much more convincing, like this one:

Source

So stay alert, and look for the warning signs!

Moving forward, we’re going to give you a few more examples of Apple ID phishing scams so you know what type of content you should watch out for.

2. Apple ID Phone Call Scams

Apple ID scams have also gone beyond fishy emails and crossed over to the illegal business of scam phone calls.

Scammers have also tried to use spoofed phone numbers, which are displayed on your phone as a real Apple number, with Apple’s logo, official website, customer support number, and actual address. This way, the masquerade looks alarmingly real.

Source

3. Apple ID Fake Text Message

Here is the second example of an Apple ID scam you may receive on your phone, this time in the form of a text message. It would read something like “Your Apple account is now locked” and will lure you into accessing a link which supposedly unlocks your account.

image3 1

Source

Here is another similar example, which aims to trick you into thinking your iCloud ID has been deactivated and that you now need to complete the activation process.

4. Temporarily disabled Apple ID Email

Similar to the “Your Apple ID Has been locked” text message we mentioned; you may also receive the email version of this phishing scam.

image13 2

Source

The scammers will try to trick you into clicking the link to verify your account, which will lead to malicious websites trying to steal your data.

According to the source, the link sends you to a webpage almost identical to Apple’s official site, but there are some misspelled words and you are not able to click on any of the icons on the top. The person who raised a flag on Apple’s Discussion page correctly identified this as a phishing attempt, noticing all the signs.

5. App Store pop-up trying to steal your password

The last Apple ID phishing scam we are going to show you is only a simulation – the good news is that it hasn’t been spotted in real life as far as we’re aware. Yet, it proves how easy it would be for a fraudster to create a fake pop-up that looks identical to the one in the App Store.

image7 2

Source

Since users got used to entering their passwords every time they are asked to when interacting with an Apple app, they would do this by default whenever needed, without questioning if the pop-up is genuine or not. Who would suspect something like this, anyway? Especially when the screen looks identical to Apple’s.

So, you may be asking how you can protect yourself from spoofing emails. Felix Krause, the author of this proof of concept phishing attempt, advises us to press the home button to see if the app closes. If it does, this was clearly a phishing attack. If it doesn’t, this is a real system dialog and the explanation is that the system dialog runs on a different process and not as part of an app.

How to spot Apple ID phishing scams

We know that some phishing scams may be much more difficult to identify than others, but the signs will (almost) always be there. Below we’ve included a few warning signs that will help you spot phishing:

  • Spelling and grammar mistakes
  • Unprofessional email or website design
  • Suspicious email sender and recipient
  • Being asked to verify personal details via email or phone/text
  • Dubious links or shortened URLs
  • Shady email attachments

What security measures you should have in place

Here are some actionable tips for you to keep in mind, which can apply both to your Apple ID and online security in general.

  • Stay informed. Here are some resources you can subscribe to: Cyber Security for Beginners and The Daily Security Tip
  • Use browsers with built-in protection against phishing, such as Chrome. Also, consider using extensions that will increase your online safety.
  • Hover your mouse over links before clicking on them. If the URL looks suspicious, just DO NOT click on it.
  • Don’t open attachments from unknown senders.
  • Always keep your software up to date.
  • Protect every account that you can (including your Apple ID) with two-factor authentication.
  • Use proactive anti-malware protection, which filters and blocks malicious links.

Below we’ve also listed some official resources from Apple that you should go through if you’re using an Apple ID. It doesn’t matter if your account has been compromised or not, you should always stay on top of your online security.


And don’t forget to check out our in-depth anti-phishing guide!

Have you ever been targeted by scammers who tried to harvest your Apple ID information? Let us know what happened in the comments section below.

Comments

Cool, but, I think there’s one more thing. There’s also fake emails saying someone from a certain faraway place like Russia entered the correct password and that you cannot have access to it until you confirm that it’s your account. I had one of these in my Yahoo account (in the spam section) it caught me off guard. Though, I realized Apple would never address me as Dear (insert email). In addition, I never even traveled to Russia. So, I was like “What?!” Luckily, I didn’t confirm. It’s just staying put in my spam section till I block that email address that gave me this phishing email.

OK, I believe that I have something running on my iMac because it keeps asking me for my apple ID and it never recognizes it, so I change it and it locks me out. every time a repeat a password it tells me to enter a new one. How can I find out what is happening?

I had an email that told me it was an invoice for an app I didn’t purchase. I clicked the link to cancel the transaction and entered name, address, phone number, login and password. The link then asked me for my credit card info, at this point I suspected foul play and closed out. Fortunately, I was wrong on my password, because it wasn’t the correct one when I used my computer to personally find Apples website and log in from there. The email was opened on my phone. Do you think I have anything to worry about from the info I did give? Now that I think about it, my CC account is set to notify me of any online purchases, which obviously there were no charges. I also, after the fact, noticed that the time of purchase was in the future. I feel kinda dumb now.

hello, I received a word file which had an apple billing receipt that I did not like this one you have, but I click on the link, but it was not working, they told me says that the site took a long time to answer, I have to worry ?

I am getting calls regarding my iCloud account. Please shut down my account as I have medical and financial information on the account. Please notify me ASAP re status.

Thank you.

Hi Pam, We aren’t in any way associated with Apple and therefore are unable to delete your account. You can find more details on how you can do this yourself here: https://www.macrumors.com/how-to/how-to-delete-or-deactivate-your-apple-id-account/
Thanks!

Just had an email about my iCloud account being compromised. When clicking on the senders email address it was quite obvious it wasn’t Apple. Have deleted it

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP