Apple devices have a strong reputation for being highly secure and even resistant to most forms of malware. However, users of Apple platforms and devices can still be susceptible to online scams that target user trust to solicit sensitive data such as login credentials and personal information. Cyber scams involving Apple IDs are generally phishing attacks, and accounted for a third of all data breaches in 2019.
There are over one billion active Apple devices which require Apple IDs to access Apple services such as iCloud, iMessage, Apple Music, etc. Apple have repeatedly stated they will never ask for personal details by text or email. But the nature of some of these scams means there are times when you may be fooled into thinking that you’ve been sent some legitimate correspondence by Apple.
Why fraudsters want your Apple ID
Your Apple ID is valuable to fraudsters because it is what you use to access anything Apple-related and store a lot of valuable information. You use it to login to your all of your Apple devices. It includes your payment and shipping information, and it allows you to access your subscriptions, in-app purchases, etc. Your Apple ID is also used to access iCloud, where you can store private photos and other types of valuable files that can be used to target you if they fall into the wrong hands. This is why you need to guard your Apple ID with everything you’ve got.
Here are 7 of the most common and dangerous Apple scams to watch out for.
iCloud phishing scams
Cybercriminals behind Apple email phishing campaigns create authentic-looking invoices and email messages that can be very convincing if you’re not paying attention. You may receive messages purportedly from Apple support saying that your iCloud account has been locked for security reasons. The message often includes a live, malicious link that will take you to a bogus Apple login page, hoping you’ll be tricked into giving up your credentials on the fake page.
Some of these emails will include Apple’s support number and official address which can be a near carbon copy of an email you might actually receive from Apple. These emails have been successful in tricking many unsuspecting Apple customers into handing over sensitive data to fraudsters.
Here’s an example of a fake iCloud message:
If you have received a phishing email that is designed to look like it came from Apple, send it to firstname.lastname@example.org.
Fake receipt or invoice scams
This type of scam is designed to fool the recipient into thinking that a 3rd party has misused their Apple ID to make a fraudulent purchase. The receipts or invoices used appear to be official Apple documentation, and if you’re not paying attention, they can fool you into thinking it came from Apple.
Here’s an example:
If you’ve received such a message, your first instinct would be to contact Apple to cancel the purchase. This is what the fraudster is banking on. And the fake invoice will conveniently have a link that you can quickly click to cancel the purchase. When you do click, it will bring you to a bogus Apple webpage that is designed to steal your personal information.
With the exponential rise in smartphone users, you’re just as likely to receive a phishing message through iMessage. There are various variants of this scam. You might get a message that claims to come from Apple support saying your Apple ID has expired or is going to expire on the day you receive the message. You’ll be prompted to click on a link in the message to restore your account.
Other variations of the scam inform the recipient that their account is about to be deleted unless they click on the link included in the message. If you happen to click on the link, you’ll be taken to a fake webpage that mimics the legitimate Apple website. When messages are sent via iMessage, they often arrive from an undisclosed sender. Some of the text messages include an anonymised phone number with an overseas code.
Here are Apple’s top tips that can help you spot phishing scams:
- The sender’s phone number or email doesn’t match the company name it claims to come from.
- Apple will NEVER ask you to provide personal details by text message or email.
- Your email address doesn’t match the one you gave the company.
- The message asks for sensitive information such as your credit card details, account password or personal information.
- The link in the email looks authentic, but takes you to a website with a URL that is different from the company’s website.
- The message uses a generic message such as “Dear customer” rather than your real name. Legitimate companies will often address you by your real name.
- The grammar and spelling is often poor, but this is not always the case.
- The message looks very different from other messages you’ve received from the company.
- The message is unexpected and includes an attachment.
Persistent pop-up ads in Safari
Pop-ups include random ads, offers or alerts that suddenly open in your current browser window or in a new window. There are many variations of this scam. Some will claim your Apple device has been infected with a virus. Others might provide a fake number for you to contact Apple support. They may also claim to offer software updates, plug-ins or free downloads to try to trick you into downloading malware onto your machine.
Be aware that some ads and pop-ups have fake buttons that resemble the close button, so you’ll need to be very careful when closing them. If you’re not sure how to close them, simply close the Safari window.
Here are some tips from Apple to help you manage pop-ups and other random interruptions.
· Always ensure that you’ve installed the latest security updates for all of your Apple products. Many of the updates contained in the latest releases include enhancements that help to control pop-ups.
· The App store is the safest place to download apps for your Mac. If you need 3rd party software for your computing device that is not available in the Apple App Store, get it directly from the developer or a trusted source, rather than through an ad or link.
To switch on these settings on your iPhone, iPad or iPod touch, go to Settings > Safari. On your Mac, you can find these options in Safari > Preferences. You can switch on fraudulent site warnings in the Security tab.
If you see persistent ads or pop-ups on your Mac, you may have inadvertently downloaded and installed adware when downloading apps or games on 3rd party sites. To get rid of adware from your Mac, update to the latest version of MacOS. This operating system includes a built-in tool that removes known malware when your Mac is rebooted.
Apple is extremely vigilant at keeping malicious apps out of the iOS App Store. However, hundreds of counterfeit apps masquerading as the real thing have been able to slip through the cracks. Some of these dangerous apps have ranked in the Top 100 of the official app store. In some cases, they have been downloaded more than 100,000 times. One example of this type of malware is a backdoor malware that masquerades as a legitimate software program. It performs the same functions as the real app, but also installs additional malicious software that can provide a backdoor into your Mac platform, allowing attackers access to your sensitive data.
Due to bugs in Apple’s app store algorithm, some of these apps can appear high in the search rankings, increasing the likelihood that they will be downloaded by some unsuspecting users. This is why it is so important to always be on your guard for apps with vague app titles and questionable reviews.
Ransomware is a type of malware attack where your computer is rendered inaccessible until you pay a ransom to get your files decrypted. Even though ransomware is mainly a concern for Windows computers, Macs have been affected by ransomware attacks, even though there hasn’t been a serious ransomware outbreak on the Mac or any Apple hardware.
Nevertheless, security experts maintain that Apple users are vulnerable to WannaCry-type attacks. To protect your Apple device from ransomware, consider installing the free RansomWhere? App. This app runs in the background and watches for any activity that resembles a ransomware attack, such as the rampant encrypting of files. It then halts the process and lets you know what’s happening.
Scam phone calls
An Apple phone scam begins with you getting a call from a fake support technician claiming to be calling on behalf of Apple. The scary thing is that some fraudsters may contact you using spoofed phone numbers. This means the number that is displayed on your phone would be a real Apple number, with Apple’s logo, official website, customer support number, and actual address. This way, everything looks authentic. But what is even more scary is that if you are an iPhone owner and you request a call back from Apple’s customer support, the bogus call will get indexed your phone’s “recent calls” list as a previous call from Apple Support line.
The reason fraudsters will give for the call is that your device has been infected with malware, and they’re calling to help you get rid of it. They will try to talk you into downloading remote access software, which will allow them to connect to your computer and be able to access everything on it. The plan is to download malware and take full control of your computer to steal all of your sensitive information.
How to deal with scam Apple phone calls
· Apple support will never contact you out of the blue to fix anything. You would have to initiate the process with a request for support. If anyone calls you claiming to be from Apple, turn down whatever they are offering and hang up the phone.
· Never provide personal information over the phone.
· Never grant remote access to anyone over the phone unless you initiated the process yourself, and you are 100% sure that you are dealing with Apple support.