- New phishing scam looks like an official email from Apple
- Links to a fake Apple login screen that steals your credentials
- Double-check that the email is from an Apple.com address
Scammers are always trying new tactics to steal your personal information. The latest phishing scam is no exception: Cybercriminals are sending emails that appear to be from Apple, claiming that your Apple ID has been suspended and that urgent action is required.
The email, which seems convincing, demands that you take action to restore your suspended Apple ID (which has been renamed your ‘Apple Account’ as of iOS 18). Clicking on the link in the email will take you to a fake Apple login screen. If you enter your information here, hackers will steal your login information and potentially gain access to your Apple account.
Depending on how securely your Apple account is set up, your username and password could allow these cybercriminals to make fraudulent purchases using your saved payment methods. The stolen credentials can also give them access to personal data such as files and photos stored in your iCloud account.
The scam is based on all the techniques used in classic phishing scams. The email is designed to look exactly like an official email from Apple, with logos, colors and fonts that make it very believable. This consistency is intended to earn your trust.
The account warning also causes an emotional response. You may experience anxiety or panic at the thought that your Apple ID has been suspended. This is the hook that can make you take action. The scam combines this with a sense of urgency, forcing you to act quickly to recover your account. The idea behind this is to make you act hastily and overlook any inconsistencies in the email.
Don’t take the bait
With more than two billion active Apple devices worldwide, it’s no surprise that scammers are targeting users of these products. Whether you own an iPhone, an iPad, a MacBook, or something else, an Apple ID is your key to the Apple ecosystem. If this is compromised, cybercriminals could potentially gain access to a wealth of your data.
This isn’t the first Apple ID scam we’ve seen: earlier this year we reported on a text message attack that attempted to steal user data. As phishing attacks become more common, complex and difficult to detect, especially through the use of artificial intelligence, we don’t expect Apple ID (or Apple Account) scams to go away anytime soon.
TL;DR How do you stay safe?
1. Check the email address (Apple emails end with ‘@email.apple.com’).
2. Look for inconsistencies in the email (such as grammatical errors).
3. Please note that Apple will never ask you to log in to a website.
4. Enable two-factor authentication for extra security.
There are a few things you can do to keep yourself and your Apple ID safe. When you receive an email about your Apple ID, first check the address the email was sent from. If it is a real email from Apple, the address will end in @email.apple.com. If that is not the case, it is almost certainly fraud.
Secondly, you should also thoroughly check the email for inconsistencies. Look for spelling mistakes, grammatical errors and formatting problems; these are all clear signs of a fraudulent email.
As a general rule, you should view account alert emails with a healthy dose of suspicion. Apple published an article on how to protect yourself from scams, in which it offers the following advice: “If you are suspicious about an unexpected message, phone call, or request for personal information, such as your email address, phone number, password, security code, or money, it is safer to assume it is a scam. If necessary, please contact that company directly.”
Apple also makes it clear that it will never ask you to log into a website, enter your passcode, or bypass two-factor authentication. If an email asks you to do any of these things, you know it’s a scam.
If you think an email you received about your Apple ID is not authentic, do not click on any links in it. Instead, you can forward this email to reportphishing@apple.com and then mark the message as spam.
If you think your Apple ID has been hacked, you should change your password by going directly to the Apple website. It’s also good practice to enable two-factor authentication, which makes it much harder for hackers to access your Apple account, even if they have your username and password.
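The sender-address check from the tips above, written as an added Python example (not code from Apple or from this article): it compares the domain of the real From address, not the display name, against the @email.apple.com domain the article names. It goes one step beyond the article by also requiring a DMARC pass recorded by your own mail server, because a From line can be forged; the server name `mx.mailhost.example` is a hypothetical placeholder and all sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "email.apple.com"      # sender domain named in the article
MY_MAIL_SERVER = "mx.mailhost.example"  # assumption: your provider's authserv-id

def sender_domain(msg):
    """Domain of the real From address; the display name is ignored."""
    _display, addr = parseaddr(str(msg.get("From", "")))
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def dmarc_passed(msg):
    """True only if our own mail server recorded dmarc=pass (RFC 8601 header)."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() == MY_MAIL_SERVER and "dmarc=pass" in results.lower():
            return True
    return False

def classify(raw_message):
    msg = message_from_string(raw_message)
    domain = sender_domain(msg)
    if domain != TRUSTED_DOMAIN:  # exact match, so lookalike suffixes fail
        return "suspicious: real sender domain is " + (domain or "unparseable")
    if not dmarc_passed(msg):
        return "suspicious: From domain matches but was not authenticated"
    return "sender check passed"

# Constructed sample messages (not real phishing mail).
SAMPLES = {
    "display name spoof":
        'From: "noreply@email.apple.com" <alert@account-check.example>\n'
        "Subject: Your Apple ID has been suspended\n\nbody",
    "lookalike suffix":
        "From: Apple <noreply@email.apple.com.account-check.example>\n\nbody",
    "forged From, no DMARC pass":
        "Authentication-Results: mx.mailhost.example; dmarc=fail header.from=email.apple.com\n"
        "From: Apple <noreply@email.apple.com>\n\nbody",
    "authenticated":
        "Authentication-Results: mx.mailhost.example; dmarc=pass header.from=email.apple.com\n"
        "From: Apple <noreply@email.apple.com>\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

A passing sender check only means the message came from the claimed domain; the article's other advice about links and login prompts still applies.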