This is how you recognize phishing messages that appear to be from Apple

0
99

Criminals regularly send out phishing messages disguised as Apple email. They are designed to steal your credit card, passwords, and other personal information through your Apple ID. How do you recognize phishing e-mails and how do you distinguish them from official e-mails from Apple? We explain what you should pay attention to.

Apple phishing: you need to know this

If you get an email with the Apple logo, it doesn't mean it's genuine. Phishing emails have become increasingly sophisticated in recent years, and the Apple logo and company name are often misused to make it as ‘real’ seem possible. In a support document, Apple explains what to look out for, but there are even more ways to recognize phishing emails.

  • Latest phishing
  • What is phishing?
  • Steal Apple ID
  • Recognize
  • Investigate
  • Fake Invoices

Latest Apple phishing: “iCloud is full”

We have received reports from several readers that a new form of Apple phishing is currently going around. Users will receive an email with the subject “ATTENTION: All storage used.” In the opening lines you are addressed as ‘Dear Apple customer” and the text in the e-mail itself is also full of spelling errors and strangely formulated sentences. There is talk of a (non-existent) loyalty program that could give you an extra 50GB. So do not click on the link and do not enter any information, because it will only be used to steal your account. Below is a screenshot of the spam email.


Screenshot via @DennieBoy

In addition, hackers are using more and more tricks to tempt you to enter information from your Apple ID. For example, there are websites that send push messages as if they came from your Mac System Settings. With a matching icon, it looks like you're being warned about a hack or virus. But remember, your Mac never warns you about a hack like this, especially with a link to some sketchy website.

What is phishing?

Phishing is a widespread method used by criminals to steal personal information from you on the internet. The method is surprisingly simple: you receive an email that tries to persuade you to click on a link or log in to a spoofed web page. If you do this, criminals can retrieve information from, for example, your credit card, PayPal account, bank account number or PIN.

The iCulture editors regularly receive warnings that new phishing emails from ‘Apple’ circulate. In addition, people receive an email that appears to be from Apple. If you click on the link in the email and sign in with your Apple ID, criminals can retrieve your Apple ID information. In this way, they could make purchases or request data from other internet services. In this tip we explain how you can recognize Apple phishing.

Phishing emails want to steal your Apple ID

Make no mistake, a phishing message trying to steal your Apple ID can be very convincing. The email is often written in Dutch and includes an Apple logo. The email is often formatted similar to real Apple email messages. But the message is always that you have to go to a website to do something with your Apple ID. Below is an example of a phishing attempt masquerading as ‘an email from Apple’:

How do you recognize phishing from Apple?

Using the example above, we explain how to recognize that this email is fake.

  • The name of the sender is ‘Apple’, but if you look at the email address used, it doesn't end with @apple.com. But even if it says @apple.nl, it could be wrong. Note that criminals can easily spoof the sender and thus use a valid apple.com email address. So don't use this as the only check!
  • The subject of the email is unclear and calls for action.
  • Apple NEVER disables your Apple ID, especially because you are ‘on a different IP address’ would have done anything.
  • Apple will NEVER ask you via email to verify or change your payment information. Let alone they would do this via email…
  • The email contains outdated formatting or old logos that Apple hasn't used for a while.
  • Sometimes phishing emails look sloppy. In the above e-mail message ‘IP-Address’ written with a capital A and there is no full stop after the sentence. The sender (‘apple’ with a small a) also looks suspicious. You sometimes have to look carefully and pay attention to small language errors, because phishing messages look more and more realistic these days.
  • The address at the bottom of the e-mail is from Apple, but contains spelling errors and uses incorrect abbreviations.

With a lost or stolen iPhone, criminals can try to retrieve your Apple ID information by sending emails via lost mode asking you to log in with your Apple ID. Always check that the link is really from Apple. Apple will never just ask you to log in somewhere on a separate page to get your device back.

Investigate phishing link further

Based on your this first check has found that there is phishing, then you know that you should not click on the link. But sometimes further investigation is needed.

You can't see the URL for the link in the email. That's strange, because Apple always shows them these days. You can always check the URL of a link in Mail on your Mac by hovering over it. On iOS, you can also see the linked web address with a long press on the link. If you wait a moment, the URL to which the link points will appear. Is this some weird unknown address that won't send you to apple.com? Then you have almost certainly received a phishing message.

In our tip Using a Phishing filter on the iPhone and iPad you can read how to set up the necessary filters in Safari that warn you about fraudulent websites.

See also

Using Safari Phishing Filter on iPhone and iPad

Safari on iPhone and iPad has a phishing filter. This prevents your personal information from being stolen by the website. In this tip you can read how to set this filter so that you are better protected.

Fake invoices from Apple

Phishing e-mails often try to worry you, for example by saying that your account has been blocked or has been misused. But it also happens that you receive a fake invoice, which gives the impression that something has been wrongly charged. You can supposedly solve this by clicking on a link, but in doing so you are passing on your personal data to criminals.

A real invoice should always include your last known billing address, so keep that in mind. Often the criminals do not have that. Also, Apple never asks for your social security number, your mother's maiden name, your full credit card number, or your credit card's security code.

If you want to know exactly what has been charged, it is better to manually view your iTunes purchase history. Preferably do this in an environment that cannot be accessed by criminals, such as via the App Store app on your iPhone or Mac.

Also see

View previous App Store purchases: how to find your purchase history

What apps have you purchased before? View your purchase history in the App Store on your iPhone and iPad. You can reinstall any apps you previously downloaded at no cost if you use the same Apple ID. This tip explains how that works.

What to do if you have clicked?
Do you think you are a victim of Apple phishing and have you entered sensitive data on a wrong website? Then the first advice is to change your Apple ID password right away. To update that password, it is best to manually type appleid.apple.com into your browser.

If you have received suspicious phishing emails, please forward them to reportphishing@apple.com.

View our complete iPhone tips overview. With hundreds of iPhone tips, we discuss almost every setting and possibility!