Unfortunately, there are many ways for malicious entities to scam unsuspecting Apple users. Scams and scammers aren’t exclusive to the Apple ecosystem, but they are a concern for users of any platform. This article focuses on the common Apple-related scams and provides you with a checklist so that you can be mindful and protect yourself.
Despite the iPhone and Mac’s reputation for being extremely secure, users of Apple’s products can still fall victim to cons and phishing attempts. It might be particularly worrying because Apple users might be lulled into a false sense of invulnerability.
With that in mind, here’s everything you need to know about some of the most common Apple-related scams. And, more importantly, how you can protect yourself against them.
What’s At Risk?
For the most part, Apple-related scams are after two things: your Apple login credentials or your financial information.
Obviously, this information can be dangerous in the wrong hands. Credit card information is a no-brainer, but an attacker with access to your Apple ID can also wreak all types of havoc.
In some cases, scammers will even attempt to steal your social security number or other extremely confidential data.
How Do Apple-Related Scams Work
Generally, Apple-related scams will attempt to appear as a form of contact directly from Apple itself. (Though there are exceptions.)
They are mostly sent by email or text, but phone call scammers aren’t unheard of. There are also ways for fraudulent apps and websites to try and scam you, too.
No matter the form they take, they tend to prey on the trust between a user and Apple. Sometimes, they’ll attempt to highlight a nonexistent problem and promise a fix if certain “steps” are followed. In other cases, they’ll instill a sense of urgency to trick a victim into performing a particular task.
Common iPhone Scams by Type
While there is a slew of Apple-related scams, many of them rely on the same basic techniques of persuasion. Due to that, the best way to organize these scams is probably to categorize them by the method of delivery.
Once you learn how to recognize common scams targeted at Apple users, you can move on to protecting yourself against them.
Email is one of the more common avenues in which these entities attempt to deploy their scams.
Email-based scams targeting Apple users can take many forms, and they often try to mimic the appearance or tone of legitimate emails sent from Apple.
Perhaps more worryingly, many of them can appear very realistic. In some cases, the only differentiating factor could be a fraudulent web address, a detail that can often be missed.
This form of scam is so common because many email addresses are publicly listed, whether on a company website or through another outlet.
But emailed scams can come in several forms, so it’s important to know how to recognize them.
- Receipt or invoice scams. These scam emails are often very realistic. They will typically depict an unreasonably high charge to your credit card. To “fix” the charge, the email will provide a fake link to a phishing website where the scammers will attempt to solicit your financial information.
- Subscription scams. A derivative of the scam above, but a fairly recent form of it. Basically, these emails will claim that you signed up for an app subscription — typically at a really high price. It’ll then send you to a phishing website.
- “Account Locked” Scams. There are variations on this scam, but all of them claim that your account is currently locked or will be closed due to a “security policy change.” They’ll attempt to get your Apple ID and login via a fraudulent website.
- Approve Login Scam. These email scams play on a user’s paranoia. They’ll state that someone has logged into your Apple ID from a foreign country. Their solution is yet another fake website where they’ll ask for your Apple ID and password to “fix” the issue.
While text message scams are not as common as emailed scams, they can still happen from time to time.
This is especially true if your real phone number is somehow listed publicly on the internet.
Generally, text scams aren’t as easy to fake as emailed scams. Because of the way SMS text messages work, it’s tough to add additional graphics or formatting that might make them appear more credible.
Still, text message scams can be effective, particularly against people who don’t know what to expect as far as genuine Apple contact. Luckily, malicious URLs can’t be hidden underneath an “address title” as they can with emails. Thus, they’re a bit easier to spot.
As with emails, they generally fall into a few different categories.
- Apple account deactivated. One popular tactic is to claim that your Apple account will be deactivated within a set period of time, or has already been terminated.
- iCloud locked. A similar method is to state that your iCloud account has been “locked,” and that you’ll need to go to a fraudulent website to unlock it.
- “Fake” account login. Again, like with email scams, some texts will prey on account hacking paranoia. They’ll claim that your account has been logged into from a strange location, and will attempt to get you to visit a link to secure it.
Browser-based scams aren’t necessarily “deployed” via the usual means of contact.
Instead, they’ll often pop up on sketchy or compromised websites. Though that’s not always the case. They can appear even on popular and otherwise legitimate sites.
- iOS Has Crashed. One of the most common variations of the browser-based scam. This pop-up will claim that iOS has crashed and will often redirect you to another site. Alternatively, they’ll depict a fake “tech support” number for you to call.
- Virus Detected. A similar technique to the iOS crash message, just not as believable. iOS devices generally don’t get viruses. Any pop-up claiming that a “critical virus” has been detected will be patently false.
- You’re a Winner. In other cases, the scammers will claim that you have qualified for a prize or that your iPhone has been specially selected to win something. If you tap “OK,” they’ll redirect you to a malicious website.
Phone call scams are likely the rarest, but they can also be the most convincing for some. Unlike other scams, the scammer won’t always claim to be an Apple employee.
But the worst part is that it can be hard to identify whether it is a legitimate call or not, particularly if one is not familiar with the contact policies of Apple or other tech support entities.
It’s important to note that, basically, Apple will not give you an unsolicited phone call in regards to your iOS device or your Apple ID.
- Tech Support. Basically, someone will call you and pretend to be a tech support specialist or Apple staff. They’ll say there is a problem with your account or device, and will often say they need your login and financial information to “verify” your identity.
- iTunes Gift Card Scam. Basically, this scam has a fraudulent caller claim to be from a bank, financial institution, or the IRS. They’ll state that there is a heavy debt owed, and the only way it can be paid is via iTunes gift card.
App-Based Scams on your iDevice
Thanks to Apple’s stringent App Store policies and review process, malicious apps are few and far between on the storefront.
But there are exceptions, and they can be exceedingly deceptive. On that note, here are two that you need to keep an eye out for.
While there aren’t any known cases of this app-based scam in the wild, an app developer created a proof-of-concept exploit that showed off how dangerous they can be.
Basically, the developer created an app that pushed out a pop-up window that looks basically identical to a typical iOS request for your Apple ID password.
As most iPhone users know, iOS can sometimes request your password seemingly at random. And because the fraudulent request is so realistic, it can be basically impossible to tell a fake request from a real one.
The best way to mitigate this threat is to close out of the app. The fake password request can only appear when the malicious app is open.
Because of that, if the request disappears when the app is closed, you can be sure it’s fake.
In-App Purchase Scams
This is less of a scam that attempts to steal confidential information and more of a snake-oil situation in which a malicious entity dupes users into paying for a useless service. And according to developer Johnny Lin, these types of app scams are on the rise.
Basically, these will appear to be legitimate apps that offer a basic service. You’ll download the app, put in your credit card details, and will be charged for that service.
But the service will often be completely useless for an iOS device. A good example is antivirus software. iOS devices don’t need antivirus programs, and never will. So you should never pay for one (they don’t do anything anyway).
How to Protect Yourself Against Scammers (A Checklist)
Once you learn how to recognize common Apple-related scams, there are a few important things you should keep in mind. These are the most important steps you can take to protect yourself from any potential threat.
While you may not be able to stop receiving a scam, you can certainly avoid giving out your personal information or
- Check the sender or caller. Actual emails sent from Apple will be pretty apparent (receipts, for example, are sent by firstname.lastname@example.org). Similarly, Apple doesn’t make unsolicited calls — so unless you’re expecting a call from an Apple Store or Apple Support, don’t believe them.
- Verify emailed links before you click on them. In an email, you can hover your cursor over a link. In iOS, you can tap and hold on a link to reveal its actual address. Don’t fall for fraudulent links such as “helpatapple.com” or “apple.net.” If you’re suspicious, just don’t click on any links.
- Check the text messaged links. These will be easier to spot since they can’t be masked in SMS text messages. If the address doesn’t end in apple.com, it’s fake. Apple doesn’t use any derivative URLs like “icloudsecurity.com” or “verifyyourapple.com.” Don’t click on these links.
- Pay attention to the details. Official emails, receipts or contact from Apple will generally include your name and billing address. In the vast majority of cases, scam emails or texts will not. This scam has been on the rise. The classic example is an email that says your account has been charged for a game or an app that you don’t have a clue about. The best thing to do is to tap on your Apple ID on your iPhone and check the subscriptions status, or place a call to iTunes Support and have them look it up for you. Do not click on any links from the email or download anything.
- Don’t give in to requests for your financial or social security information. Actual Apple employees will never ask for these details when troubleshooting an issue with your Apple account or device. At the very least, they won’t ask for your social security number, full credit card details, or your card’s 3-digit security code.
- Similarly, double-check “Apple” websites. Don’t give your Apple ID, password or financial details to any website unless you’re absolutely sure it’s real. Don’t follow any links from emails or texts; just go directly to Apple.com and find the page you need from there.
- Don’t call any provided “support” numbers. These will be fake phone numbers staffed by scammers. If you’re not sure, contact Apple directly and inquire about any problems with your iOS device or Apple ID.
- Don’t reply to texts or emails, or answer calls. Responding to scam messages and answering scam calls just lets the scammers know that your number or email address is a live one. You can avoid this by simply ignoring them.
- When in doubt, just delete the email or text. Again, contact Apple directly (through their official channels) to see if there is actually an issue with your account.
- Follow our guide on how to avoid and get rid of pop-up browser scams. (Link: How To Get Rid Of Safari Pop-Up Scams)
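The link checks in the list above can be automated for an HTML email. The following is an added example, not part of the original article: it lists where each link really goes, next to the text it shows, and flags any host that is not apple.com or a true subdomain. The function names and the sample message are constructed for illustration; the lookalike domains are the ones named in the checklist.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # the only domain the checklist treats as genuine

def is_apple_host(host):
    """True only for apple.com or a real subdomain (plain endswith('apple.com')
    would wrongly accept helpatapple.com)."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def link_host(url):
    """Hostname a link actually goes to; None if it is not a web link."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname  # drops any user@ prefix and :port

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return (visible text, real host, verdict) for every link.
    Non-web links (host None) are flagged as suspicious too."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for text, href in collector.links:
        host = link_host(href)
        report.append((text, host, "ok" if is_apple_host(host) else "suspicious"))
    return report

# Constructed sample email body (not a real message).
SAMPLE = """
<p>Sign-in alert: <a href="https://helpatapple.com/verify">https://appleid.apple.com</a></p>
<p><a href="https://apple.com.verifyyourapple.com/unlock">Unlock iCloud</a></p>
<p><a href="https://support.apple.com@icloudsecurity.com/">Contact support</a></p>
<p><a href="https://support.apple.com/billing">View receipt</a></p>"""
```

Only the last link in the sample passes. The first shows an apple.com address as its text while pointing elsewhere, the second puts apple.com at the front of a different domain, and the third hides the real host after an `@`.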
How to Help Stop Scams
Of course, you can go beyond just protecting yourself from scams. Apple recommends you report all suspicious activity, phishing attempts, and online abuse to their Fraud Prevention Team.
- To report a fraudulent email, you can simply forward the full email to email@example.com. Make sure to turn on header details before sending it off.
If you want to take it a step further, you can also report scams and internet crime to the FBI’s Internet Crime Complaint Center (IC3). Just go to the following website and follow the steps.
While it might be impossible to put an end to scams entirely, reporting specific scams and scammers could help mitigate their spread.