iPhone XS and XS Max in silver, space gray, and gold.
Apple Shares Tips on Avoiding App Store and iTunes Phishing Emails
Apple last week shared a new support document that's designed to help App Store and iTunes users avoid phishing emails that mimic legitimate emails from Apple.
In the document, Apple outlines techniques to identify an actual App Store or iTunes email, which the company says will always include a current billing address, something scammers are unlikely to have access to.
An example of a well-crafted phishing email
Apple also says that emails from the App Store, iBooks Store, iTunes Store, or Apple Music will never ask customers to provide details like a Social Security Number, mother's maiden name, a credit card number, or a credit card CCV code.
Apple recommends that customers who receive emails asking them to update their account or payment information do so directly in the Settings app on an iPhone, iPad, or iPod touch, in iTunes or the App Store on a Mac, or in iTunes on a PC rather than through any kind of web interface.
Customers who receive a suspicious email can forward it to reportphishing@apple.com, and any customer who may have entered personal information on a scam website should update their Apple ID password immediately.
Scam and phishing emails like those Apple describes in this support document are not new, but at the current time, there's a new wave of legitimate-looking emails going around that look much like Apple emails that can easily fool customers who don't know what to look for.
In the document, Apple outlines techniques to identify an actual App Store or iTunes email, which the company says will always include a current billing address, something scammers are unlikely to have access to.
Apple also says that emails from the App Store, iBooks Store, iTunes Store, or Apple Music will never ask customers to provide details like a Social Security Number, mother's maiden name, a credit card number, or a credit card CCV code.
Apple recommends that customers who receive emails asking them to update their account or payment information do so directly in the Settings app on an iPhone, iPad, or iPod touch, in iTunes or the App Store on a Mac, or in iTunes on a PC rather than through any kind of web interface.
Customers who receive a suspicious email can forward it to reportphishing@apple.com, and any customer who may have entered personal information on a scam website should update their Apple ID password immediately.
Scam and phishing emails like those Apple describes in this support document are not new, but at the current time, there's a new wave of legitimate-looking emails going around that look much like Apple emails that can easily fool customers who don't know what to look for.
[ 48 comments ]
Top Rated Comments
(View all)
7 months ago
PROTIP: disable html in your mail client, it's harder to phish when you can see the links that will be used are not what the text claims they are.
Bonus: tell anyone sending html only to not be a muppet, helping the phishers by conditioning users to accepts such emails. Ask them to include the regular plain text body for those who are trying to not be phished.
Bonus: tell anyone sending html only to not be a muppet, helping the phishers by conditioning users to accepts such emails. Ask them to include the regular plain text body for those who are trying to not be phished.
7 months ago
How about tips for recognizing battery throttling scams?
How much longer are we gonna beat a dead horse?
7 months ago
Good move on Apple for doing what they can to inform people about phishing.
7 months ago
I think the current app store's "Today" section design is kind of phishing too.
If you hold the phone with your right hand and scroll through the Today's stories with your right thumb, you can so easily touch the "GET" or "purchase" buttons by mistake, and when that happens some people's first reaction is to press the home button to quit the app store app, but if you do that and if you are using touch ID to approve purchases, the purchase gets approved.
That's not what phishing means.
[doublepost=1519875375][/doublepost]
You’d think they could use their fancy smancy machine learning to stop these from coming through for all sorts of major companies. I know companies like PayPal have trouble with this all the time. Even if you can’t cover everything it’s better to get at least 90% of them.
Heck, you could probably just regex to match certain strings like their footer or other common phrases used in Apple emails. Then check the sender against official Apple email addresses and if it doesn’t check out, send it to the spam folder or put a big red warning at the top saying the email seems suspicious and might be a phishing attempt. This seems like a solvable problem in 2018.
They often do. My spam filter (ASSP) correctly flag all the phishing emails I get as spam. When reviewing stuff in my spambox for false positives, I often take a second look at things that look like they came from Netflix or Apple, only to realize they were correctly flagged. But remember there are a ton of email providers out there with various types and qualities of spam filters.
7 months ago
These are actually good tips. I didn’t realize Apple emails have your mailing address on them.
7 months ago
The first step, verify the senders address by clicking on it. Phishing emails will never have Apple.com at the end.
Example: no_reply@email.apple.com good.
Example: no_reply@email.apple.com good.
7 months ago
('//www.macrumors.com/2018/02/28/apple-app-store-phishing-emails/')
Apple last week shared a new support document ('https://support.apple.com/en-us/HT201679') that's designed to help App Store and iTunes users avoid phishing emails that mimic legitimate emails from Apple.
In the document, Apple outlines techniques to identify an actual App Store or iTunes email, which the company says will always include a current billing address, something scammers are unlikely to have access to.
An example of a well-crafted phishing email
Apple also says that emails from the App Store, iBooks Store, iTunes Store, or Apple Music will never ask customers to provide details like a Social Security Number, mother's maiden name, a credit card number, or a credit card CCV code.
Apple recommends that customers who receive emails asking them to update their account or payment information do so directly in the Settings app on an iPhone, iPad, or iPod touch, in iTunes or the App Store on a Mac, or in iTunes on a PC rather than through any kind of web interface.
Customers who receive a suspicious email can forward it to reportphishing@apple.com, and any customer who may have entered personal information on a scam website should update their Apple ID password ('https://support.apple.com/kb/HT201355') immediately.
Scam and phishing emails like those Apple describes in this support document are not new, but at the current time, there's a new wave of legitimate-looking emails going around that look much like Apple emails that can easily fool customers who don't know what to look for.
Article Link: Apple Shares Tips on Avoiding App Store and iTunes Phishing Emails ('//www.macrumors.com/2018/02/28/apple-app-store-phishing-emails/')
7 months ago
Good move on Apple for doing what they can to inform people about phishing.
Apple would catch more fish
7 months ago
Question: What's the tell on this email that it's not real?
Answer: the spelling of "cancellation." Apple always spells the word as "cancellation." Note that in this phishing example, the word is spelled "cancelation."
Actually, not true.
The actual giveaway is the use of the word cancelation/cancellation in the first place. Apple never make it that easy to stop giving them money, it's always a couple of layers deep.
[ Read All Comments ]
Spire, a company that makes small Health Tags that are designed to clip on to your clothing, is now selling its products in Apple retail stores.
The Spire Health Tag, available as a single tag...
If you live in Canada and haven't pre-ordered an iPhone XS or iPhone XS Max yet, you might still be able to score one on launch day.
Apple has activated its Reserve and Pickup system in...
With the release of iOS 12, tvOS 12, and watchOS 5 yesterday, Apple made some quiet changes to its iTunes and App Store privacy policy on iOS devices and the Apple TV, as pointed out by VentureBeat.
...
Back in March, Mazda became one of the last major car manufacturers to announce launch plans for CarPlay support. Mazda's first announced vehicle with CarPlay is the 2018 Mazda6, with owners of...
The iPhone XS and XS Max are Apple's most expensive iPhones yet, with the top-of-the-line iPhone XS Max coming in at a cost of $1,449 for 512GB of storage.
If you want to outfit your...
If you updated your iPhone to iOS 12 this week and noticed that some Activity Challenge awards are missing, you're not alone.
In a new support document, Apple has acknowledged that five...
The watchOS 5 update, introduced yesterday, brought several new watch faces that weren't available during the beta testing period. These faces are designed to work with the Apple Watch Series 4...
Google today updated its popular Google Maps navigation app, introducing support for CarPlay. With iOS 12, third-party mapping apps work with CarPlay for the first time, giving CarPlay users an...
