Apple is one of the most popular tech brands out there, so it’s not surprising that Apple scams are popular, as well. Criminals have targeted the many devices made by the Cupertino, California-based company in so many ways that consumers need to stay vigilant.
Many of the more sophisticated phishing scams center around stealing Apple IDs, the identity authentication needed to access your devices.
Don’t get hacked: Beware of these Apple scams
Over the past several years, smartphones have caused many people to let their guard down — so of course scammers are taking advantage of the fact that many people will open just about any text or email they receive on their phone.
In fact, criminals are still finding effective ways to target consumers using many of the same old tactics that have been around for a whole lot longer than smartphones.
Criminals using identity theft fears to target Apple users
There are several attacks making the rounds that are specifically targeting people with iPhones, iPads and Mac computers.
The scam works a couple of different ways:
- Someone calls you pretending to be from Apple claiming that there has been a breach in the system — and they need your personal information to verify your account.
- Scammers send you an email or text that appears to be from Apple — saying that you’ve been the victim of a breach and you need reset your Apple ID account by clicking on the link provided in the message.
If you click on the link, it immediately gives the scammers access to your Apple account, including any stored personal and payment information.
In the scam phone call, the caller claims to be from Apple’s support team and tries to trick unsuspecting victims into handing over access to their computer or account over the phone.
One of the more virulent Apple scams involves baiting users to hand over their Apple ID and password.
According to the New York Times, potential scam victims receive an email from “Apple iMessages” — saying that their username and password had been used to gain access to another iPhone.
How your Apple ID can be compromised via email
According to the Better Business Bureau, scammers are sending people an email that appears to be from Apple ID Support, iTunes or iCloud.
It prompts you to download an attachment or click on a link that will then ask you to enter your Apple ID account information — in order to “verify” your account or regain access to your account. In some cases, people have even been asked to provide their credit card and other personal or financial information. Don’t do it!
How thieves are stealing money with your Apple ID
In October 2018, we told you about incidents in which hackers were stealing Apple IDs and siphoning big money from iPhone users. The scam works by accessing payment information from credit cards tied to iPhones.
The theft happened in China and was reported by mobile payment platform Alipay.
According to Bloomberg, Alipay “warned users that’ve linked their Apple identities to any payment services, including Tencent’s WePay, to lower transaction limits to prevent further losses. Tencent said in a separate statement it too had noticed the cyber-heist and reached out to the iPhone maker.”
Beware of other iMessage and Apple ID hacks
Another scam involves “hack attacks” tied to users’ iMessage and Apple ID accounts — and the scam appears on both computers and smartphones.
Users reportedly receive messages, written in foreign languages, to their iMessage account from a foreign phone number. Then they receive a notification from Apple that their Apple ID is being used on another device.
The notification only provided one option — to click “OK.” Then after clicking that button, the user’s iMessage account would be flooded with messages from a foreign number, with text written in Chinese.
If you think your Apple ID may have been compromised, Apple has a resource page with more information.
Read more: 5 ways to make your iPhone more secure
7 ways to protect yourself from iPhone & Apple ID scams
The reality is, there are new threats to your privacy and security every day — so it’s crucial to make sure you take the right steps to protect your personal information.
- Just hit delete! Ignore instructions to confirm your phone number or visit a link. Some scam texts instruct you to text ‘STOP’ or ‘NO’ to prevent future texts. But this is a common ploy by scammers to confirm they have a real, active phone number.
- Read your phone bill: Check your phone bill for services you haven’t ordered. Some charges may appear only once, but others might be monthly ‘subscriptions.’
- Check accounts frequently: You should check any account that contains your personal information on a consistent basis. That way you can spot any potential fraud before it causes serious damage.
- Know your rights: Real commercial text messages must provide a free, easy way for you to opt out of future communication. Learn more here.
- Know how to combat spam texts:In Canada, an anti-spam law covers text messages. Learn more about reporting and fighting spam here. In the U.S., forward the texts to 7726 (SPAM on most keypads), but don’t click any links. This will alert your cell phone carrier to block future texts from those numbers.
- Watch out for look-alike URLs: Just because a URL has the name of a real company in it, doesn’t mean it’s legitimate. Anyone can register a sub-domain (realcompany.website.com) or similar URL (realcompany1234.com).
Bottom line: Even if a message appears to be from a trusted source, don’t trust it!
If you receive a message from an unknown number, delete it! Don’t open it, don’t click anything — just delete it. It’s better to be safe than sorry.
If a company needs you to update your profile, you should be able to find that information by logging in to your account separately through the official site — or by calling the company directly.
More resources to protect yourself:
- Why you need two-factor authentication and how to set it up
- Our full list of recommended password manager sites and tools