The Apple Phishing Scam: What It Is and How to Protect Yourself

That Apple email may not be real; don't click the link

As more people use iPhones every year, more scammers than ever utilize Apple phishing scams to take advantage of Apple users. These scams involve being contacted through email or over the phone by someone pretending to be an official Apple contact. The ultimate goal is to get access to your Apple account.

What Is the Apple Phishing Scam?

The Apple phishing scam takes various forms. Most often it comes in the form of a phishing email that appears to come from Apple. In other cases, it's a phone call. Every time, the goal is the same. Scammers want to either access your Apple account or get access to your bank account or other financial information.

This particular scam involves scammers sending you an email or calling you and claiming that your Apple account has been compromised, incorrectly charged, or some other story. Ultimately the scammer will try to get you to enter information like your Apple ID password or credit card information.

How Does the Apple Phishing Scam Work?

This scam actually comprises several approaches that scammers take to exploit victims.

A typical Apple phishing scam may take any of the following forms.

  1. You receive an email that you were incorrectly charged by the Apple App Store. The email subject will usually read something like "Your receipt from Apple". The email is crafted to appear like an authentic Apple App Store receipt email for a purchase that you didn't actually make.

    The goal of the email is to get you to click on any of the links which will take you to a fake Apple Store login page. Once you enter your credentials, the hacker will have access to your Apple account and all of the personal information it contains.

  2. Another common Apple phishing scam is an email that seems to come from Apple asking you to update your account or your credit card information. The email provides a link to use. It'll take you to a fake login page which, again, will capture your Apple login information.

  3. Pop-up ads appear as device error warnings. These ads will appear while you're browsing the web and state that there's a problem with your Apple device. The ad will provide a tech support number for you to call, or an app for you to download so that you can fix the error.

    If you do make the mistake of calling the number, the person at the other end will try to get you to provide your Apple account ID and password. If you click on the ad and download the app, it'll infect your device and launch a window attempting to get you to log into your Apple account.

  4. Scammers will call you from a fake phone number that appears to be a legitimate Apple help line, including the Apple logo. Once you pick up, scammers will inform you that your account has been compromised and that you should call a second number for more information.

    Once you call the second number, scammers will convince you to provide them with either credit card information, or your Apple account password.

All of these approaches are methods used by scammers to trick you into either giving up your Apple account password, or providing bank or credit card account information so that they can drain all funds from those accounts.

How Do Apple Phishing Scammers Find Victims?

There are several ways scammers find victims for their phishing scam. Ideally, they'll want to locate Apple users. This is accomplished in the following ways.

  • Scammers purchase phone lists from businesses of customers who've shared their phone numbers in return for discount or coupon notifications.
  • Scammers purchase email lists from businesses. This is far more common since so many customers now share their email address with companies they do business with.
  • Searching Apple store reviews is a common approach scammers take to locate the identity of Apple users who would be likely to fall for these scams.
  • Often, scammers don't waste time "finding" victims. They just purchase mass email lists and send bulk phishing emails to the entire list.

How Do I Avoid Getting Involved in This Scam?

You can steer clear of Apple phishing scammers by keeping your information private. A few other things you can do to protect yourself include:

  • Never click a link in an email you receive from Apple. Instead, log directly into your Apple account to check messages and see if there's an actual issue with your account.
  • If you receive a phone call from Apple tech support claiming there's an issue with your account, hang up and call Apple tech support directly. Confirm that there really is an issue before moving forward.
  • Avoid clicking on any pop-ups you see while browsing the internet that claim there's an issue with your Apple account. Apple doesn't utilize pop-up warnings to alert you to issues. Usually you'll receive a direct SMS or email from Apple. Even then, never click email links. Log into your account using your browser instead.

I’m Already a Victim. What Should I Do?

If you've made the mistake of clicking on one of those links in a phishing email, there are a few things you should do immediately.

  1. Report the phishing email to Apple. Apple investigates situations where scammers are fraudulently sending emails as though they come from Apple. If you're using OS X Mail, you'll need to select Forward As Attachment from the Message menu and send it to reportphishing@apple.com. In Gmail or Yahoo Mail, you'll need to select View raw message and then copy and paste the message into your email to Apple.

  2. If you've already provided your Apple ID and password to scammers, immediately visit the Apple ID web page, log in, and reset your password to something else.

  3. If you've had your Apple account or your bank or credit card accounts broken into, file a complaint with the FBI's Internet Crime Complaint Center (IC3). This will ensure that if the scammer is attempting to defraud a large number of people, the FBI will take notice and hopefully prosecute the scammer.

  4. If you haven't already, enable two-factor authentication on your Apple account. This will ensure that even if someone ever gets your password, they still won't be able to get into your account without your cellphone.

How Do I Avoid Being Targeted for Apple Phishing Scams?

Since this scam almost always involves scammers reaching out to you first, protecting yourself from becoming a target is very simple.

  • Keep your email address private. Whether it's signing up for a mailing list or for discount alerts with your favorite business, sharing your main email address is bad news. Use a "junk" email account for those purposes and keep your main email account private.
  • If you receive a call about your Apple account, hang up and call Apple customer support directly to ask them if there is really an issue.
  • Don't provide your phone number. Commercial businesses collect phone numbers for "rewards" and other perks, but many of those businesses sell phone lists for extra revenue. Scammers purchase phone lists for use in their scams.
  • Avoid public reviews. When you review an app in the Apple store, scammers can identify you as an Apple user. If you do feel the need to review an app, do so with a fake name and using your "junk" email account if possible.
  • Never click on any Apple pop-ups on your computer. Apple will never alert you to an issue with your account that way.

While these actions can't guarantee the scammers won't get hold of your information to contact you, they'll at least reduce the odds significantly.