The Latest Apple Phishing Scam

Everything you need to know

Apple is the most recent major company to be hit by a phishing scam. iTunes users are now receiving an email that looks startlingly legitimate, and many are falling for a scam that not only drains their iTunes account, but also can wreak havoc on their banking life. Since iTunes accounts often contain sensitive data, hackers can easily access everything from banking details to personal addresses. 

While many people believe phishing scams are on the decline due to consumer education, they are actually on the rise. 2018 saw a significant increase in phishing scam attempts, ranging from emails claiming to be from law enforcement to emails that ask users to enter their password and username into spoofed websites. 

How Does the Scam Work?

The Apple phishing scam is a relatively new spin on the same old scam. Users receive an Apple iTunes receipt claiming they have made a purchase. At the bottom of the invoice, there is a link to dispute the chargers/see the complete invoice. 

Users who do not remember making a purchase will often click the link. Once you click the email link, you will be taken to a spoofed website that mirrors the official iTunes site. From there, you will be prompted to enter your Apple ID and password.

There are several takes on this particular phishing scam, and one even asks users to verify their identity by entering credit card data and even Social Security numbers. For the unlucky individuals who fall for the scam, their entire identity can be stolen. For those who give up their ID and password, hackers can drain iTunes accounts and even make gift purchases. 

How Can I Protect Myself?

While the Apple phishing scam is a particularly sophisticated one, there are several ways to protect your data. 

1. Before you open any email from an unknown source, take a look at the email address. Many times scammers will use email addresses that are just one letter off from the official company address, or the email address will be long and non-sensical.
2. Never click a link from an unknown email address, even if the email professes to be from a company you deal with. 
3. Remember that your bank, cell phone provider, and subscription service providers will never ask you to send your password or account details via email. 
4. When in doubt, always enter a known URL into your browser. Instead of clicking a link provided in an email, manually go to your browser and enter the correct URL. Always double check to ensure you are spelling the URL correctly. 
5. If you ever happen to fall for a phishing scam, immediately change your user name and password. If the phishing scam targeted an account that has your banking credentials, call your financial institution to report the issue. They may suggest you shut down your debit card. The bank will be happy to issue a new number or place a flag on your account to ensure unauthorized charges don't slip through. 

How Prevalent are Phishing Scams

While Apple is the most recent company to fall victim to an elaborate phishing scam, they are not the first and certainly won't be the last. According to recent statistics the average user receives 16 malicious emails each month, and 76% of organizations report that they have been the victim of a phishing attempt. 

According to recent data, the most popular type of phishing scam in 2018 utilized invoice or receipt scams to lure victims. Emails that allege there was an email delivery failure were the second most popular phishing scam, followed by document download emails. 

All email users should be on the lookout for emails that are from unknown or untrusted sources. When an email is from an untrusted or unknown source, it is best to delete the email without opening it. If you have concerns about your account, you should manually enter all usernames or call a trusted customer service line to access information about your accounts.