How to spot an Apple email phishing scam with examples

Your Apple ID password is important. If you’re an Apple customer, the chances are that this is the password needed to access most of Apple’s services such as the iTunes Store and your iCloud data.

So it comes as no surprise that lots of phishing scams appear to come from Apple, asking recipients to click links to spoof websites designed to look like the Apple website. Most of these phishing scams are conducted through email.

In fact it was these scams that were partly responsible for allowing computer criminals to access all those celebrity accounts back in 2014 when the nude photo scandal (dubbed Celebgate) hit the mainstream news.

Phishing scams work by pretending to be a legitimate entity in order to trick the victim into revealing personal or sensitive information. Obviously in this case that legitimate entity is Apple. Scammers will send emails to recipients that look like they’re from Apple and will typically request that the recipient click a link. This link – unbeknownst to the recipient – leads to a spoof webpage that looks like it belongs to Apple. It will ask for the recipient’s Apple ID and password in order for them to log in.






Once entered, that information is sent to the scammer. If the recipient doesn’t have any additional security layers enabled (like two-factor authentication) then the criminal now has access to that user’s Apple services. This can potentially mean they can make purchases on iTunes or the iOS store, or even access your iCloud information which may have all your iPhone photos and videos stored on it – and yes that is how all those nude celebrity photos were leaked.

Phishing scams are classic social engineering scams. This means the scammer is trying to trick the victim into handing over their own sensitive information. With email phishing, this is done by fooling the victim into believing the scammer is actually Apple, and that they need to click a link and enter their login information. How do scammers do this? Below are some classic Apple phishing scams that have landed in victims’ inboxes in the past…

In all the below examples, the links lead to a spoof website that asks for the recipient’s Apple ID username and password.

[Image: example Apple phishing email 1]

This email claims the recipient has tried to access their accounts from several different locations and needs to verify their information by clicking a link.

[Image: example Apple phishing email 2]

This email implores the recipient to confirm their iTunes ID since it is nearing expiration. Failing to confirm will mean it will be “destroyed”. (In reality Apple doesn’t set a limit on accounts.)

[Image: example Apple phishing email 3]

Again this email purports that an account will be “frozen” after 48 hours unless the recipient clicks the verification link to validate their account information.

[Image: example Apple phishing email 4]

This email threatens account suspension unless the recipient clicks the link to validate their account information.

[Image: example Apple phishing email 5]

This email claims that the Apple account is locked after an attempt by an unrecognised device to access it and demands the recipient unlock their account by clicking the link.

[Image: example Apple phishing email 6]

And lastly, this email purports that the recipient’s iTunes account made a recent purchase and provides a link for the recipient to click if they did not make any purchase. (Which of course the recipient didn’t.)

In all the above examples, the emails make it appear that they came from Apple. They may have a From: address associated with Apple and contain the Apple logo or design. However in all these cases the links will not take the recipient to the Apple webpage, but rather a spoof webpage, and this is ultimately how you know if an email is a phishing scam or legitimate.
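The check described above can be automated. The following is an added example, not part of the original article: it reads an email, and if the From: header presents itself as Apple, it lists every link whose real hostname is not an Apple domain. The domain allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuinely Apple's.
APPLE_DOMAINS = ("apple.com", "icloud.com")

def is_apple_host(host):
    """True only for an Apple domain itself or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def off_apple_links(raw_email):
    """Links that leave Apple's domains in a mail presenting itself as Apple."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    if "apple" not in (name + " " + addr).lower():
        return []  # mail does not claim to be Apple; out of scope here
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    urls = [urlsplit(h) for h in collector.hrefs]
    return [(u.geturl(), u.hostname) for u in urls
            if u.scheme in ("http", "https") and not is_apple_host(u.hostname)]

# Constructed sample message: the From: header looks like Apple, one link does not.
SAMPLE = """\
From: "Apple Support" <noreply@apple.com>
Subject: Your Apple ID has been locked
Content-Type: text/html; charset="utf-8"

<p>Unlock your account: <a href="http://apple.com.verify-id.example/login">Verify now</a></p>
<p><a href="https://appleid.apple.com/">Manage your Apple ID</a></p>
"""

if __name__ == "__main__":
    for href, host in off_apple_links(SAMPLE):
        print(f"link leaves Apple's domains: {host}  ({href})")
```

The comparison is made on the parsed hostname rather than by searching the URL for "apple.com", so a hostname that merely starts with or contains "apple.com" is still flagged.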

If in doubt, go directly to the Apple website and avoid clicking on links in these emails, which is coincidentally the same advice for all emails, whether they appear to come from your bank, eBay, PayPal, Facebook or anywhere else.
