How to Easily Spot and Avoid Apple ID Phishing Scams
A complete overview of phishing attacks targeting Apple users
You may be familiar with the concept of “phishing”, an increasingly complex form of cyber-attack. The tactics used involve sharing disguised links, usually included in emails, to trick you into providing sensitive information to malicious individuals.
Phishing is one of the most common types of online attacks and embodies social engineering tactics.
If you are completely new to this topic and would like to learn more, we encourage you to access our complete guide on phishing to understand what it is, how it works, and how you can protect yourself against it:
In this article, we are going to take a closer look at phishing attempts involving Apple IDs.
Today there are over 1.4 billion active Apple devices, which require Apple IDs to gain access to Apple services like Apple Music, App Store, iCloud, FaceTime, iMessage, and others. Also, think about the fact that you don’t even require an Apple device to access Apple-related software or services, such as iTunes or log in to Apple’s official website, so imagine the number of people who can be targeted.
Why are scammers trying to steal your Apple ID?
The reason is obvious – your Apple ID is your ticket to using anything Apple-related and stores a great deal of personal information.
- You use your Apple ID to log in to your Apple devices – think Mac, iPhone, iPad, iPod, Apple TV, and in the future you might even be using it for your Apple self-driving car, according to recent rumors.
- It includes your payment and shipping information for purchasing applications from the App Store and devices by logging in to Apple.com.
- With the Apple ID you can access your security settings, subscriptions, and in-app purchases associated with it.
- Your Apple ID is used to access iCloud, where you can store your photos and any types of files and the theft of these can lead to blackmailing and even sextorsion.
How fraudsters trick you into visiting Apple ID phishing websites
There are many forms of Apple ID phishing attempts out there.
In this article, we’re going to give you some examples so you get a sense of what they can look like and be better prepared against them.
1. Apple ID Receipt Order Email
In the subject line of this email, you will find included something like “Receipt ID”, “Receipt Order”, or “Payment Statement”.
The purpose of this scam is to trick you into thinking a payment has been made using your credit card. As a result, you may hurry into canceling the order, worried that your money has been taken. If the attached file is opened or if you click the link, most probably you will end up on a page where you will be asked to confirm your personal details, such as password, credit card details, address, etc.
One of our colleagues here at Heimdal Security came across this Apple ID phishing attempt multiple times.
This is how the email looked like:
Notice the sender and email recipient. Both lines look suspicious and they are clearly not from Apple.
The attachment included was an editable Word file – a reputable source like Apple would never send you something like this.
We opened it and here’s what it looked like:
When we hovered the mouse over the link, we noticed it would not redirect us to Apple’s website.
Thor Foresight blocked the page, warning us of the phishing attempt and malicious content.
Using DarkLayer GUARD and Threat to Process Correlation (TTPC), it instantly identified and stopped the attack process.
Warning: You should not try to open any malicious or suspicious links you receive, especially when you don’t have any anti-malware solutions installed on your device!
You may not have been fooled by this specific example since it doesn’t look like it came from a legitimate source. However, there are other Apple ID fake receipts that may seem much more convincing, like this one:
So stay alert, and look for the warning signs!
Moving forward, we’re going to give you a few more examples of Apple ID phishing scams so you know what type of content you should watch out for.
2. Apple ID Phone Call Scams
Apple ID scams have also gone beyond fishy emails and crossed over to the illegal business of scam phone calls.
Scammers have also tried to use spoofed phone numbers, which are displayed on your phone as a real Apple number, with Apple’s logo, official website, customer support number, and actual address. This way, the masquerade looks alarmingly real.
3. Apple ID Fake Text Message
Here is the second example of an Apple ID scam you may receive on your phone, this time in the form of a text message. It would read something like “Your Apple account is now locked” and will lure you into accessing a link which supposedly unlocks your account.
Here is another similar example, which aims to trick you into thinking your iCloud ID has been deactivated and that you now need to complete the activation process.
Yeah right. Here are my bank details …,, pic.twitter.com/kNBMgCwygK
— Jack Dee (@TheRealJackDee) May 2, 2016
4. Temporarily disabled Apple ID Email
Similar to the “Your Apple ID Has been locked” text message we mentioned; you may also receive the email version of this phishing scam.
The scammers will try to trick you into clicking the link to verify your account, which will lead to malicious websites trying to steal your data.
According to the source, the link sends you to a webpage almost identical to Apple’s official site, but there are some misspelled words and you are not able to click on any of the icons on the top. The person who raised a flag on Apple’s Discussion page correctly identified this as a phishing attempt, noticing all the signs.
5. App Store pop-up trying to steal your password
The last Apple ID phishing scam we are going to show you is only a simulation – the good news is that it hasn’t been spotted in real life as far as we’re aware. Yet, it proves how easy it would be for a fraudster to create a fake pop-up that looks identical to the one in the App Store.
Since users got used to entering their passwords every time they are asked to when interacting with an Apple app, they would do this by default whenever needed, without questioning if the pop-up is genuine or not. Who would suspect something like this, anyway? Especially when the screen looks identical to Apple’s.
So, you may be asking how you can protect yourself from spoofing emails. Felix Krause, the author of this proof of concept phishing attempt, advises us to press the home button to see if the app closes. If it does, this was clearly a phishing attack. If it doesn’t, this is a real system dialog and the explanation is that the system dialog runs on a different process and not as part of an app.
How to spot Apple ID phishing scams
We know that some phishing scams may be much more difficult to identify than others, but the signs will (almost) always be there. Below we’ve included a few warning signs that will help you spot phishing:
- Spelling and grammar mistakes
- Unprofessional email or website design
- Suspicious email sender and recipient
- Being asked to verify personal details via email or phone/text
- Dubious links or shortened URLs
- Shady email attachments
What security measures you should have in place
Here are some actionable tips for you to keep in mind, which can apply both to your Apple ID and online security in general.
- Stay informed. Here are some resources you can subscribe to: Cyber Security for Beginners and The Daily Security Tip
- Use browsers with built-in protection against phishing, such as Chrome. Also, consider using extensions that will increase your online safety.
- Hover your mouse over links before clicking on them. If the URL looks suspicious, just DO NOT click on it.
- Don’t open attachments from unknown senders.
- Always keep your software up to date.
- Protect every account that you can (including your Apple ID) with two-factor authentication.
- Use proactive anti-malware protection, which filters and blocks malicious links.
Below we’ve also listed some official resources from Apple that you should go through if you’re using an Apple ID. It doesn’t matter if your account has been compromised or not, you should always stay on top of your online security.
- What to do if you think your Apple ID has been compromised.
- Information around phishing and other suspicious emails.
- How to avoid Apple ID scams in general.
- How to identify legitimate emails from Apple.
- Details on your Apple ID security.
- Also, watch this video for a summary on how to identify, avoid, and report phishing:
And don’t forget to check out our in-depth anti-phishing guide!
Have you ever been targeted by scammers who tried to harvest your Apple ID information? Let us know what happened in the comments section below.