Apple: Identify and report phishing emails and other suspicious messages
Posted on April 19th, 2017
Use these tips to avoid phishing scams and learn what to do if you think your Apple ID has been compromised.
Scammers use phishing and other types of social engineering to try to trick you into sharing personal information—such as your Apple ID password or credit card information. It can happen by email, phone, text message, or even through pop-up notifications when you’re browsing the web.
If you believe that your Apple ID has been compromised, please visit your Apple ID account page to change or reset your password immediately. If you need more help, contact Apple.
How to identify a phishing attempt
Scammers often use messages and notifications that are designed to look like they’re from a legitimate company or a person that you know to try to trick you into sharing your password, credit card, or other personal information with them. Phishing scams can come as an email, text, or even a phone call or web page.
These are common signs of a possible phishing attempt:
- The sender’s email address doesn’t match the name of the company that it claims to be from.
- The message was sent to an email address or phone number that's different from the one that you gave that company.
- A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website.
- The message starts with a generic greeting, like "Dear valued customer" — most legitimate companies will include your name in their messages to you.
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
- The phone call is unsolicited and the caller claims to be an Apple employee or support representative. Callers might use flattery, threats, or name-dropping to pressure you to give them information or money.
How to avoid phishing scams
Never provide personal account information—including your Apple ID password, credit card info, or other personal information—by email or text message, and use extreme caution when clicking links in messages or sharing information over the phone. Instead, visit the company's website directly or call them yourself.
Here are some additional tips for avoiding scams:
- Turn on two-factor authentication for your Apple ID, so that your password alone is not enough to access your account.
- Learn more about security and your Apple ID. Use a strong password, pay attention to notifications about your Apple ID, and always keep your contact information secure and up to date.
- Never share temporary verification codes, that are used by Apple to verify your identity, with anyone.
- Learn how to verify that your browser is securely connected to iCloud.com and other sites. Pay attention to warnings about expired certificates or untrusted connections.
- Don’t click any link in or reply to an email or text without verifying the sender. Instead, go to the company’s website, find their contact information, and contact them directly about the issue.
- Don’t click any link or button on a website without making sure that the address (URL) of the the company’s website appears to be correct.*
- Don’t open or save attachments from unknown senders. If you receive an attachment that you weren't expecting, contact the company to verify the contents.
- If you’re not sure about the source of a browser pop-up window, avoid clicking any links or buttons in the window.
- Always confirm the caller's identify before you provide any sensitive information over the phone. If you get an unsolicited call from someone claiming to be from Apple, hang up and contact us directly.
Report phishing attempts and other suspicious messages to Apple
To report a suspicious email, forward the message to Apple with complete header information. In macOS Mail, select the message and choose Forward As Attachment from the Message menu.
These email addresses are monitored by Apple, but you might not receive a reply to your report.
- If you receive what you believe to be a phishing email that's designed to look like it’s from Apple, please send it to email@example.com.
- To report spam or other suspicious emails that you receive in your iCloud.com, me.com, or mac.com Inbox, please send them to firstname.lastname@example.org.
- To report spam or other suspicious messages that you receive through iMessage, please send them to email@example.com.
- If you receive a suspicious message about your account activity in the iTunes Store, App Store, or iBooks Store, please contact iTunes Support at www.apple.com/support/itunes/store.
*On your Mac, hover your pointer over the link to see the URL in the status bar. If you can't see the status bar in Safari, choose View>Show Status Bar. On your iOS device, touch and hold the link.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.
Published Date: Apr 19, 2017