March 12, 2018
How to Identify App Store and iTunes Phishing Scams
Last week thousands of Apple users started receiving fake emails pretending to come from Apple, as Hotforsecurity reports. The scam email announced a fake subscription renewal and prompted the recipient to cancel it by following a link. In other words, users were invited to cancel an order they had never made. They were then asked to confirm the cancellation by entering personal data such as their Apple ID or credit card details.
Essentially, the scam email poses as an official message from the App Store with details of the new subscription agreement. It looked pretty convincing, though: the screenshot below shows a legitimate YouTube subscription confirmation on the left and the fake one on the right.
See the difference? They look similar at first sight, so let’s take a closer look to spot the signs of the scam. First, verify the sender’s address. The genuine email must use only the Apple domain @apple.com. Whenever you doubt that the sender is legitimate, contact Apple directly by emailing firstname.lastname@example.org.
Fortunately, Apple quickly detected the issue and published its recommendations on how to identify legitimate emails from the App Store or iTunes. The key thing to remember is that the App Store, iTunes, iBooks Store, or Apple Music will never ask you for the following details:
Full credit card number
Credit card CCV code
Social security number
Mother’s maiden name
What’s more, Apple specifies that its genuine purchase receipts always include your current billing address, which scammers are unlikely to know.
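The three checks above (sender domain, requests for details Apple never asks for, and the billing address on the receipt) can be expressed as a short script. This is an added example, not code from Apple or from the original article; the sample messages, addresses, and match phrases are constructed for illustration, and only plain-text bodies are handled.

```python
from email import message_from_string
from email.utils import parseaddr

# Details the page lists as never requested; the match phrases are assumed wording.
NEVER_ASKED = ("credit card number", "ccv", "social security number", "maiden name")

def sender_domain(msg):
    """Domain of the actual From address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def red_flags(raw, billing_address):
    """Return the page's warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    flags = []
    domain = sender_domain(msg)
    # Exact match: "apple.com.id-verify.example" merely starts with apple.com.
    if domain != "apple.com":
        flags.append("sender domain is %r, not apple.com" % domain)
    body = " ".join(p.get_payload() for p in msg.walk()
                    if not p.is_multipart()).lower()
    for phrase in NEVER_ASKED:
        if phrase in body:
            flags.append("asks for " + phrase)
    if billing_address.lower() not in body:
        flags.append("billing address missing from receipt")
    return flags

# Constructed sample messages (hypothetical addresses and wording).
BILLING = "1 Example Street, Springfield"
GENUINE = """\
From: App Store <no_reply@apple.com>
Subject: Your receipt

Billed to: 1 Example Street, Springfield
YouTube subscription, monthly
"""
FAKE = """\
From: "App Store no_reply@apple.com" <billing@apple.com.id-verify.example>
Subject: Subscription renewal

To cancel this order, confirm your full credit card number and CCV code.
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("fake", FAKE)):
        print(name, red_flags(raw, BILLING))
```

An empty list only means none of these signs were found. The From header is set by the sender, so a matching domain alone does not prove the message is genuine.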
Finally, you can always check your purchase history in the App Store or iTunes Store to confirm which items you’ve bought and which you haven’t. To do so, follow the instructions on Apple’s official website.
If you’ve somehow shared any of your sensitive data with scammers, the very first step is to immediately change your Apple ID password (see a step-by-step guide here). When creating a new password, make sure it's strong enough. Setting up two-step verification for your Apple ID is a good idea too (here’s how to do that).
Apple suffers from phishing scams and fraud just like any tech giant does. Cybercriminals often target Apple users because of their huge brand loyalty, but if you think carefully before giving away your personal data, hackers will fail. Share your experience concerning Apple phishing attacks in the comment section.