I’ve noticed these types of scams for awhile: email messages (supposedly) from Apple purportedly about a payment or Apple ID or login from another device (which in fact you may not own). More and more email apps (especially on mobile devices) do not permit examination of the raw message text, which often permits detection of the fraud. So, what to do?
This Vipre Security News blog post (March 16, 2018) is a good summary of the situation: “Apple Phishing Attacks Prompt Advice From Tech Giant.”
Apple customers don’t get phished quite as much as Microsoft ones, but they do face a fairly annoying variety and frequency of fake emails. The problem stems from the fact that Apple sends emails to its customers quite regularly, thereby making the millions of Apple customers juicy targets for the bad guys.
There are three basic fake emails going around. The first appears as an email invoice for your “recent Apple purchase.” Another is a “Reminder” notifying you of an account login from an iPad in Monaco. The third, and possibly most alarming, is a text message informing you that your Apple ID is expiring today.
If you’re not sure whether an email about an App Store, iTunes Store, iBooks Store, or Apple Music purchase is legitimate, these tips from Apple may help.
As in all phishing scams, these fake messages want you to click on a link or open an attachment (which may include further fake links) and then trick you into providing personal or account information — which (genuine) “App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide.”
Checking or updating any account or payment information should only be done in the Settings on your Apple device.