Irina Maltseva is a growth marketer with 10+ years of experience in digital marketing. After being scammed by Airbnb and Booking.com, Irina joined Aura to help the company on its mission to create a safer internet for everyone.
Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.
Apple is one of the most secure companies in the world — but scammers have still found ways to hack into your Apple ID and take over your account.
In one example, an Apple user on Reddit received a legitimate-looking email claiming that their Apple ID had been locked. But after clicking on the link and entering their iCloud account information, the user was asked for a credit card number to “prove their identity” [*].
At this point, the victim realized it was a scam — but the damage was done. Hackers had stolen their Apple ID and password using an Apple phishing email scam.
Apple ID attacks like this are on the rise. Account takeover fraud — in which scammers target your account login credentials — was up by a staggering 131% in the first half of 2022 [*].
According to the latest data from the Federal Trade Commission (FTC) [*]:
Apple is the second-most impersonated brand by scammers (next only to Amazon).
In this guide, we’ll show you what Apple phishing emails look like, how to tell if an Apple email is legitimate, and what to do if you’re targeted by one of the latest Apple scams.
What Is an Apple Phishing Email? Is It Dangerous?
In Apple phishing scams, scammers send emails designed to look like they’re from Apple (or other legitimate companies) in an attempt to steal your Apple ID or money.
The worst part is that these phishing attempts can appear to come from any part of the Apple ecosystem. For example, fraudsters might send fake receipts from the App Store or anxiety-inducing messages from Apple Support.
If you open, click on a link, or engage in any way with an Apple phishing scam, it can have serious consequences.
With your Apple ID, a scammer can:
Steal your Apple ID password and personal information. Apple phishing emails often lead to fake login pages created to steal your personal data. If scammers gain access to your Apple ID, they can find all sorts of sensitive information that could be used to steal your identity.
Take over your Apple ID email and request password resets to other accounts. With access to your iCloud email, scammers can request password resets for any of your linked accounts. If you don’t have two-factor authentication (2FA) enabled, your accounts could be at risk.
Find sensitive files, photos, and videos in your iCloud backups. If scammers gain access to your iCloud drive, they can use any sensitive information they find to either blackmail you or steal your identity.
Make purchases from the App Store, Apple Music, iTunes Store, or Apple Books. Scammers who have your Apple ID will be able to use your linked payment card to make purchases or subscriptions in your name.
✅ Take action: If scammers gain access to your Apple ID, your online bank and other accounts could be at risk. Try Aura’s top-rated identity theft protection free for 14 days to protect your accounts and sensitive information from scammers.
How To Tell If an Apple Email Is Real: 5 Warning Signs
Scammers try their hardest to make phishing emails look like they’re from Apple. Take a look at the example below:
If you’re in a hurry, you might think this is a legitimate email. It looks like it’s from “Apple ID,” includes an Apple logo, and contains a link that looks like it’s leading to the official Apple ID website.
But upon closer inspection, there are some warning signs indicating that this is a scam:
It doesn’t come from an official Apple.com email address. Instead, the scammers have changed their “from name” to look like it’s from Apple (or “Apple ID”). Always click on or hover over the sender’s name to reveal their actual email address.
There are subtle spelling and grammatical errors. Legitimate emails from Apple will almost never contain mistakes. Grammatical errors like “required” (instead of “requires”), “an unusual activity,” and no comma after “Sincerely” are signs that the email is fraudulent.
The link takes you to a different URL than what’s shown. Scammers often change the display of links to make them appear more legitimate. You can hover over a link to see where it’s taking you. If you click on a link and the website that loads is different from what is noted in the link, leave the site immediately.
There’s no personalization. Usually, companies like Apple will greet you using your full name. Because they don’t have access to this information, scammers use generic greetings like “Dear friend” or “Dear valued customer.”
It creates a sense of urgency by threatening to disable your Apple ID. Phishing scams try to use a false sense of urgency to make you act without thinking. Here, the scammer warns that there are only 24 hours to respond before the victim’s Apple ID is disabled.
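The sender, link, greeting and urgency checks from the list above can be automated. The following is an added Python example (not code from Aura or Apple) that parses a raw message and reports which of those signs it shows. The sample message, the appleid-verify.example host and all function names are constructed for illustration, and the apple.com rule follows the article's description of official addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; appleid-verify.example is a placeholder host.
SAMPLE = """From: "Apple ID" <support@applestorepayment.com>

<p>Dear valued customer,</p>
<p>Verify within 24 hours or your Apple ID will be disabled.</p>
<a href="https://appleid-verify.example/login">https://appleid.apple.com</a>
"""

def is_apple_host(host):  # assumption from the article: apple.com or a subdomain
    return host.lower() == "apple.com" or host.lower().endswith(".apple.com")
class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def link_mismatch(href, text):  # visible text names one host, href goes to another
    shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    real = (urlparse(href).hostname or "").lower()
    return bool(shown and real and shown.group(0) != real)

def warning_signs(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message assumed
    name, addr = parseaddr(msg.get("From", ""))
    collector = LinkCollector()
    collector.feed(body)
    checks = [
        ("display-name-mismatch", "apple" in name.lower() and not is_apple_host(addr.rpartition("@")[2])),
        ("link-mismatch", any(link_mismatch(h, t) for h, t in collector.links)),
        ("generic-greeting", bool(re.search(r"dear (friend|valued customer)", body, re.I))),
        ("urgency", bool(re.search(r"within \d+ hours", body, re.I))),
    ]
    return [label for label, hit in checks if hit]
```

An empty result does not prove a message is genuine, because the From header itself can be forged; use hits as grounds to reject rather than misses as grounds to trust.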
Scammers are constantly finding new tactics to target their victims — from emails to phone calls and website pop-ups. Here are five of the most common phishing scams currently targeting Apple customers:
1. Your Apple ID has been locked or suspended
In this classic phishing scam, you receive an email, iMessage, or even social media message informing you that your Apple ID has been locked. This message might be accompanied by a fake receipt claiming that there’s been suspicious activity on your account.
If you click on the link, you’ll be taken to a site that asks for your personal information (like your Social Security number, bank account information, and name) to verify and unlock your account [*].
How to tell if it’s a scam (and what to do):
Always log in to your Apple account directly. Never click on links in emails. Instead, log in to your Apple account on AppleID.apple.com — or via the Settings app on your iPhone or iPad, or through iTunes on your Mac. If there’s an issue, you’ll be alerted as soon as you log in. If you see nothing, it’s a scam.
If you click on a link, make sure it takes you to an official Apple.com web page. Scammers often mask the true locations of links in phishing emails. Click on the padlock symbol near the URL on a browser like Chrome or Safari to make sure that it’s “Apple.com” and that the security certificate is issued to Apple.
In this type of scam, you’ll receive an email from “Apple” that contains a receipt for a purchase that you didn’t make. The email will also contain a link to let you view, confirm, or cancel the order [*].
Again, scammers are trying to get you to click on a link to a phishing website by threatening you with a payment that you didn’t authorize.
How to tell if it’s a scam (and what to do):
Check the sender’s email address. Official Apple email addresses end in “@email.apple.com.” Anything else is a scam. In this example, the email is from “@applestorepayment.com” — designed to trick you.
Sign in to your account via official methods. Don’t use links in emails. Instead, log in using AppleID.apple.com on your web browser or directly via the Settings app on your iOS device. Once you’ve signed in, you can check your purchase history. Remember: Official Apple invoices won’t contain a hyperlink to cancel or manage your orders.
Not all Apple phishing attacks occur over email. In this social engineering scam, fraudsters send a text message claiming there’s an issue with your Apple Pay account and it has been suspended.
The text includes a link to help you “reactivate” your account. But if you click on it, you’ll again be asked for your Apple ID credentials and other sensitive information, such as your credit card or bank account numbers.
How to tell if it’s a scam (and what to do):
The link doesn’t send you to an Apple website. If a link leads anywhere other than to an official Apple web page, it’s a scam. Fraudsters attempt to make the link look as real as possible; so always sign in to your account through the official Apple website or Settings app.
The number doesn’t appear to be from Apple. Text messages from Apple always display “Apple” as the sender’s number. If the message is from an unknown number, it’s a scam message. Also, don’t blindly trust your caller ID, as scammers can “spoof” their phone number to make it look like it’s coming from Apple.
Never enter information on a website linked via an unsolicited text or email. Always contact Apple Support directly at support.apple.com/contact to find out whether there are any problems with your Apple Pay account.
Nearly one in three Americans said they’d fallen victim to a phone scam in 2021 [*]. And cybercriminals are now pretending to be from Apple customer support to get people to share personal information.
In this scam, fraudsters leave a voicemail saying there’s been suspicious activity on your account. They leave a phone number to call so that you can resolve the “issue.”
When you call the number, the scammer acts like they’re verifying your identity and helping fix the issues with your account. During this process, they ask for your personal information and may claim that they need payment to reactivate your account. They may even direct you to a fake login page that steals your personal information.
How to tell if it’s a scam (and what to do):
Hang up and call Apple directly. Scammers can use falsified caller IDs to make it look like they’re calling from Apple (or other familiar companies). If you receive an unsolicited call, hang up and call Apple directly via its customer support phone lines or other verified methods.
Never provide personal information to unsolicited callers. Remember: Apple never calls its users by phone. Instead, Apple will send you an email if there are any issues with your account. If someone calls you claiming to be from Apple, hang up immediately.
Don't pay for tech support. Some scammers will request upfront payment for technical support (in the form of Apple gift cards or via payment apps). Apple will never request upfront payment — especially using non-traditional payment methods.
5. Password reset emails that target your cryptocurrency wallets
MetaMask is a popular digital wallet for cryptocurrencies that can be backed up to iCloud. However, what began as a useful security feature (for when you lose your device) has become another target for scammers.
In this scam, fraudsters find your Apple ID and make multiple password reset requests on your account. As you’re receiving these warnings, they call you, claim to be from Apple Support, and ask for the six-digit reset code that you just received to “verify your identity.”
Once they have access to your Apple ID, the scammers sign in to your account, access your MetaMask wallet, and steal your cryptocurrency.
How to tell if it’s a scam (and what to do):
“Apple Support” asks for your reset code. The biggest red flag in this scam is that the caller asks for your six-digit password reset code. Under no circumstances will Apple’s support team ever do this, so don’t fall victim. Never share your verification code with anyone.
Disable iCloud backups for your MetaMask data. Your password-encrypted MetaMask vault and seed phrase are backed up to iCloud by default. To turn this off, head to Settings > Profile > iCloud > Manage Storage > Backups, and toggle off backups for MetaMask.
✅ Take action: Protect yourself from the worst consequences of online scams with Aura's $1 million insurance policy for eligible losses due to identity theft. Try Aura free for 14 days and secure your identity (and finances) against fraud.
What To Do If You Open (or Click on) an Apple Phishing Email
Disconnect your device from the internet and back up your files. By clicking on a link in an email, you may have unknowingly downloaded malicious software that can spy on you or steal your information. By turning off the internet and backing up your files, you minimize the risk of further damage.
Scan your device for viruses. If you’ve clicked on a link or downloaded an attachment from an email message, you should scan your computer immediately by using an antivirus. Aura offers a high-quality antivirus that can quarantine and remove any viruses, malware, or spyware that might have been contained in the attachment.
Secure your Apple account. Update your Apple password to a unique phrase that you haven’t used for any of your other accounts. Aura’s password manager can store your passwords securely so that you won’t forget them. You should also use two-factor authentication (2FA), as this adds another layer of security to your Apple ID.
Report the scammer to Apple. If you receive a suspicious email or text, forward it to reportphishing@apple.com. For scam content received in Messages, tap Report Junk beneath the message. You can then block that phone number. This will help Apple identify fraudulent email addresses and warn other users about new scams.
Submit a fraud report to the relevant agencies. If you fall victim to a scam or have your identity stolen, you should report the crime to your local law enforcement agency, the Federal Trade Commission (FTC), and the Internet Crime Complaint Center (IC3).
Learn how to spot a fake email, pharming site, or fraudulent phone number. To avoid falling victim again, you should learn how to tell if an email is from a scammer. Likewise, memorize the signs of fake websites and how to avoid them.
Check your credit report and bank statements for signs of fraud. If scammers gained access to your Apple ID, they might use the information they found to access your financial accounts. If you see suspicious activity, freeze your credit immediately and contact your financial institution.
Consider signing up for identity theft protection. With Aura, you get #1-rated identity theft protection, proactive device security, and near real-time financial monitoring. To avoid falling victim to a phishing scam, consider signing up for Aura’s 14-day free trial.
Your Apple ID is the key to your digital identity. Almost all Apple hacks occur because the victim fell for an email scam or didn’t secure their accounts adequately.
To stay safe online and protect yourself from scammers, here’s what you should do:
Make sure you’re using the best cyber hygiene practices.
Set up 2FA or multi-factor authentication (MFA) on all of your online accounts.
Never click on links or download attachments from suspicious messages.
Use an antivirus program to scan your devices for malicious software.
Keep your Apple devices up to date in order to avoid the latest cybersecurity threats.
Use Aura’s all-in-one digital security solution to protect your accounts and monitor for fraudulent activity.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.