Phishing emails are one of the common tricks cyber scammers use to steal victims’ sensitive information. Typically, phishing emails pretend to come from an authority and try to induce recipients to click a seemingly legitimate link in the email, which actually leads to a fake page asking you for personal or financial information.
Recently a new kind of phishing email targets on Apple users. Some phishing email pretends to be a receipt for a subscription purchase in Apple App Store. Users are told that they have an one-month free trial and will be charged when it ends. Unsuspecting users may be click the provided link to “cancel the subscription”, and be directed to a fraudulent page requiring them to enter something like Apple ID password.
Other phishing emails may say that some of your account information is missing or invalid and you must open an attached file to verify your details, or that your Apple account will be disabled because of account violations, urging you to verify your information in a fake website that looks like a genuine Apple sign in page.
You are supposed not enter any detail about your account information on the site linked from suspicious emails, or download any attachments included within them.
Apple posted a support document detailing a few tips to help customers identify legitimate emails from App Store, iTunes Store, iBooks Store, or Apple Music. First of all, Apple will never ask you for sensitive information like your credit card number or social security number over email. If you receive an email asking you to update your account or payment information, you are supposed to do so only in the Settings app on your iOS device, in iTunes or App Store on your Mac, or in iTunes on a PC.
To verify if an email about an App Store or iTunes Store purchase is legitimate, Apple advises that genuine purchase receipts include your current billing address, which scammers are unlikely to have. You can also confirm the subscription by reviewing your purchase history from App Store, iTunes Store, iBooks Store, or Apple Music.
Apple encourages users to forward suspicious emails to [email protected].
If unfortunately you have fallen into the phishing scheme, you should change your Apple ID password as soon as possible on your iPhone or the Apple ID website.