How to Identify App Store and iTunes Phishing Scams

12 / 03 / 2018

Feel safe when opening emails from Apple? There’s no reason why you shouldn’t, as long as it’s a genuine Apple email. Check our brief security report and find out how to spot scammers before you take the bait.

Last week thousands of Apple users started receiving fake emails pretending to come from Apple, as Hotforsecurity reports. The scam email announced a fake subscription renewal and prompted the recipient to cancel it by following a link. Basically, the user was offered the chance to cancel an order they had never made. Next, they were asked to confirm the cancellation by entering personal data such as Apple ID or credit card details.

Essentially, the scam email poses as an official message from the App Store offering details of the new subscription agreement. It looks pretty convincing, though: the screenshot* below shows a legit YouTube subscription confirmation on the left and the fake one on the right.

See the difference? They look similar at first sight, so let’s take a closer look to spot the signs of the scam. First, verify the sender’s address. A genuine email must use only the Apple domain @apple.com. Whenever you are unsure whether the sender is legitimate, contact Apple directly by emailing reportphishing@apple.com.

Fortunately, Apple quickly detected the issue and published its recommendations on how to identify legitimate emails from the App Store or iTunes. The key thing to remember is that the App Store, iTunes, iBooks Store, or Apple Music will never ask you for the following details:


  • Full credit card number

  • Credit card CCV code

  • Social security number

  • Mother’s maiden name


What’s more, Apple specifies that its genuine purchase receipts always include your current billing address, which scammers rarely know.
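The three checks above (sender domain, requests for details Apple never asks for, and the billing address on a receipt) can be automated for a reported message. The following Python sketch is an added example, not code from Apple or from the original article; the function names, the keyword patterns, the acceptance of apple.com subdomains, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The details the article says Apple's stores never ask for.
# The regexes are this example's assumption, not Apple's wording.
NEVER_ASKED = {
    "full credit card number": r"(credit|debit)\s+card\s+number",
    "card CCV code": r"\b(ccv|cvv|cvc)\b",
    "social security number": r"social\s+security|\bssn\b",
    "mother's maiden name": r"maiden\s+name",
}

def sender_domain(msg):
    """Domain of the From address; the display name is ignored, anyone can set it."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_apple_domain(domain):
    # Exact match or a true subdomain (accepting subdomains is an assumption).
    return domain == "apple.com" or domain.endswith(".apple.com")

def triage(raw_email, billing_address=None):
    """Return a list of warnings for one raw message; empty means no red flag found."""
    msg = message_from_string(raw_email)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = " ".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    body = " ".join(body.lower().split())  # normalise case and whitespace
    warnings = []
    domain = sender_domain(msg)
    if not is_apple_domain(domain):
        warnings.append(f"sender domain is {domain or 'missing'}, not apple.com")
    for label, pattern in NEVER_ASKED.items():
        if re.search(pattern, body):
            warnings.append(f"asks for {label}")
    if billing_address and " ".join(billing_address.lower().split()) not in body:
        warnings.append("billing address on file not found in message")
    return warnings

# Constructed sample messages (not real emails).
FAKE = ("From: App Store <no_reply@apple.com.billing-support.example>\n"
        "Subject: Your subscription renewal\n\n"
        "To cancel this order, confirm your Apple ID, credit card number and CCV.\n")
GENUINE_LIKE = ("From: Apple <no_reply@email.apple.com>\n"
                "Subject: Your receipt from Apple\n\n"
                "Billed to: Jane Doe, 1 Example Street, Springfield. YouTube subscription.\n")
```

A From address can itself be forged, so an empty result is not proof that a message is genuine; the checks only catch the mistakes described above.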

Finally, you can always check your purchase history in the App Store or iTunes Store to see which items you’ve bought and which you haven’t. To do so, follow the instructions on Apple’s official website.

In case you’ve somehow shared any of your sensitive data with scammers, the very first step is to immediately change your Apple ID password (see a step-by-step guide here). When creating a new password, make sure it's strong enough. Setting up two-step verification for your Apple ID is a good idea too (here’s how to do that).


Apple suffers from phishing scams and fraud just like any tech giant does. Cybercriminals often target Apple users because of their huge brand loyalty, but if you think carefully before giving away your personal data, hackers will fail. Share your experience with Apple phishing attacks in the comment section.


* Source