We stand with Ukraine to help keep people safe. Join us

Tags iOS Security Identity Theft

How to Identify and Prevent Apple ID Phishing Scams

Have you ever received an email from someone impersonating Apple? The answer is most likely yes. Scammers are constantly trying to get ahold of your passwords so they can make some easy money. By using Clario’s security app, you can let us be your first line of defense. Clario will shield you from phishing attempts with 24/7 data breach monitoring and built-in browsing protection.

Table of contents

What is an Apple ID phishing scam?

Phishing is a trick used by hackers to try and obtain sensitive personal data from you, which they can use to execute more sophisticated scams. Data such as passwords, social security numbers, and banking information is often the most targeted in such tricks.

 

Hackers pose as Apple to lure you into thinking there’s a legitimate reason for them asking for such information. Messages from these imposters will usually contain a website URL that leads you to a forged website, where any entered details are sent to the hacker. Apple ID phishers specifically target your Apple ID and password in order to access Apple services such as the App Store, iMessage, iCloud, and Apple Music.

Why do scammers target your Apple ID?

If a scammer is able to steal your Apple ID credentials, then you are handing over access to your contact information, addresses, banking information — all information that is probably best kept private. When you unknowingly give a stranger access to your iCloud, you are allowing them to probe deep into your files, documents and photo history. Scammers will rely on finding private information or media which can be used to extort money from you.

Types of Apple ID phishing scams

Apple ID scams come in a range of different forms. Scammers are constantly innovating and inventing new ways to steal your information. As one scam is exposed, and people become wise to it, another will take its place. This constant development makes it harder for the public to stay protected.

Apple ID receipt email

An Apple ID receipt email involves you receiving an email from an Apple imposter claiming that a purchase has been made by your Apple ID. Attachments can be sent with the Apple ID scam email to increase the believability of the trick, and to entice you into signing into your Apple ID through their falsified link. Once you enter your details, they will be saved and sent to the scammer.

Fake invoice email example sent by scammer

Disabled Apple account notification

One of the more common phishing scams, involving your Apple ID, is a strategy in which a scammer sends an Apple phishing email to your account, telling you your Account has been locked. A decoy website link will be attached to this email in hopes that you click the link and try logging into your account, thus sending your password to the scammer.

An example email of a scammer impersonating Apple

Apple ID fake text messages

Scammers utilize many different forms of phishing techniques, hoping to catch you off guard. Fake text messages can be sent to your phone, often with an alarming statement such as ‘Your Apple account is now locked’. This technique is used to instill panic in the account holder and blur their rational thinking. These messages will often direct you to a link of a fake website asking you to input your account details, or to the scammers phone number where they will try to extract your account details from you over the phone.

Text message from Apple impersonator

Apple ID phone call scams

Scammers are able to disguise their Caller ID with the official Apple name and logo. This makes the illusion that much more real. The effectiveness of this scam really depends on how convincing and confident they are on the phone, making it harder to spot the scam. The best approach to identifying these scams is to disconnect the call, and dial the official Apple support number back to ask if they had just phoned you.

Scammer cloning Apple details on their Caller ID

App store pop-up asking for your password

App store pop-ups show up so regularly when interacting with your phone, that it becomes natural to just enter in your password whenever prompted to do so. This can be dangerous should a scammer find a way to send a pop-up directly to you.

Comparison between official Apple Pop-Up and scam one

Fake calendar invitation

If an invite is sent through to your Calendar or Mail that you aren’t expecting, it’s best to take a moment and analyze the invitation. Delete fake calendar invites so scammers don’t gain access to your private information.

Notification sent to iPhone by Scammer

iPhone locked

Finding yourself in this situation is never usually good news. Perhaps you have already fallen victim to one of the scams above, and now the scammer has got your Apple ID credentials. So what happens next? The scammer will usually look to register your phone as lost, activate the “Find My iPhone” settings, and threaten to keep you locked out of your phone unless you pay them to relinquish back control of your device.

Notification sent to iPhone that it has been locked

Your mobile iPhone is often the hub of your life. Countless hours are spent scrolling through your phone, but what you may not realize is just how much information you have saved on your iPhone. This makes it a very lucrative target for scammers to try and gain access to your device for their own monetary gain. Keep on reading to find out more about Apple ID scams and how you can prevent them.

How to identify an Apple ID scam?

Spotting an Apple ID scam without prior awareness of what to look for can be tricky. Follow this list of helpful hints and know what to look out for next time:

  1. Unusual email senders The team at Apple would come up with a more professional sounding email then appleid@apple.id.com. If it doesn’t look legit…it probably is an Apple ID spam email.
  2. Typos “Hello  friend,we come wit bad news”, either Apple have dropped their copywriters standards immensely, or you have caught yourself a scammer. Keep a close eye out for spelling mistakes, grammatical errors, or incorrect spacing to identify potential scam messages.
  3. URL shorteners Unless you receive links that send you directly to apple.com or other official website addresses, you shouldn’t trust the link. Official Apple emails will never contain link shorteners like Bitly.
  4. Urgency — Slow down, what’s the rush? If you notice unnatural urgency in a message then take a moment to think, why is the sender trying to make you respond so quickly? Chances are they don’t want you to stop and notice other tells in this list.
  5. Attachments — Attachments are often the gateway for scammers to gain access. Don’t download anything or click external attachments without verifying it first.
  6. Verify requests — Apple employees will never ask you for your personal details. If you are being asked private questions about your social security number or credit cards, don’t engage in the conversation.
  7. Generic greetings — Apple will have your name on record and will address you by it when contacting you. If a message refers to you as Sir/Madam/Friend, there’s a high possibility that message is a scam.

Top tips on how to identify and prevent an Apple ID scam

The best way to prevent yourself from falling victim to an online scam is by staying alert. If a matter concerns highly targeted private information or credentials, then take extra care. There is no harm in contacting Apple yourself if you encounter a message that you cannot clearly identify as a threat. Afterall, it is better to be safe than sorry. Use these key principles to stay ahead of the scam:

  • Always check the URL
  • Don’t use the same password across multiple sites
  • Update passwords routinely
  • Install antivirus software on your device
  • Keep web browsers up to date
  • Make sure you have the latest version of your operating system
  • Never share your Apple ID password with anyone

The best way to prevent yourself becoming a victim of one of the scams above is to have an expert in your corner to protect you. 

How to protect yourself from an Apple ID phishing scam

Clario's safe browsing feature, a.k.a. web protection, is a Safari extension that will check every website to prevent you from clicking a dangerous link.

 

Follow the instruction below to protect your browsing experience:

  1. Download the Clario app
  2. Open Clario on your iPhone and set it up
  3. Tap Browsing
  4. Toggle Check links switch under Web browsing
Clario's web protection

     5. Click Set up

Clario's web protection

     6. Follow the comprehensive instruction

Clario's web protection

 

Clario's web protector tells you if a link is safe to click on, so you can always be sure — as long as Clario is on, you will not fall into a phishing trap.

 

In case you suspect you have become a victim to an Apple ID phishing scam, use Clario’s data breach monitor, It will tell you if your information has been leaked online, giving you the edge over a scammer to change your passwords and resecure your accounts — before it’s too late.

 

Here’s how to use it:

 

Step 1. Download Clario app and set it up on your device (this feature is available on iOS, MacOS, and Android)

Step 2. Toggle the Data breach monitor switch

Clario app for Mac

Step 3. Add the email address you want Clario to monitor

Clario data breach monitor

In case of a data breach, Clario will instantly alert you on leaks of your passwords, credit card number, phone number, or SSN. The app will also guide you on how to re-secure your accounts to avoid ID theft.

 

By leaving the Data breach monitor switch on you allow Clario to monitor your emails for data breached 24/7.

Keep reading

Protect yourself online and stay one step ahead of Apple ID scammers.

Get started