Apple scams returned in January

New wave of Apple scams was noticed at the beginning of January

Apple scams returned in January

Apple product lovers and users should be cautious. A new wave of Apple scams[1] has been spotted spreading quite actively this January. Scammers use social engineering techniques to trick people that they received a receipt, warning about unauthorized access to their accounts or Apple ID expiration.

Researchers from Malwarebytes[2] tell that the majority of recently discovered phishing websites are shut down. However, users should be reminded of new techniques used by cyber criminals. Researchers exclude four types of scams that are aimed at Apple users:

  • Fake receipt emails,
  • Someone else logged in your account,
  • Apple ID expiration notifications,
  • Fake app purchases.

While some of the scams are easy to identify, others might confuse even the most attentive and cautious users. Therefore, it’s recommended to be careful with Apple emails, text messages and check the date of Apple ID expiration.

Scammers still try to reach victims via email

Your inbox has never been as dangerous as it is right now. Cyber criminals are sending letters with ransomware payloads and links that redirect to phishing websites. A couple of weeks ago scammers sent a bunch of emails that pretended to be a receipt from Apple too.

These emails typically had a subject line similar to these:

  • [ New Statement ] Your receipt from Apple [ 02 February 2018 ]
  • [ New Statement ] Thanks For Order . Your receipt from Apple [ 02 February 2018 ]

These letters reported that Edward Snowden purchased iCloud 2 TB Storage plan for $9.99. Nevertheless, Edward is a real person who worked in Central Intelligence Agency (CIA) and leaked information from the National Security Agency (NSA);[3] we can ensure that he is not using your email or Apple account to buy more space on iCloud.

The similar email hoax operates as a reminder from Apple that tells that someone from Monaco has logged in your Apple account using iPod. The poorly written message includes Cyrillic characters in order to bypass spam filters:[4]

[Reminder] [Notification Update] Statement new log-in your Apple account with other device
Fοuг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ Ьееn lοсκеd Ьесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе ассеѕѕіng уοuг ассοunt аnd mаκе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :
Country : Monaco
IP Address : [redacted]
Date and Time : 13:09, 06 Feb 2018
OS : iPod
Browser : Safari
If you did not make these action or you believe an unauthorized person has accessed your account, you should login to your account as soon as possible to verify your information.

Additionally, the message has a link to a website with HTTPS protocol. We want to remind that HTTPS does not give any guarantees that you are on the safe and legitimate site. Criminals know how to play around this security measure.

Scammers try to get your credentials by scaring that our Apple ID expires today

Researchers also reported about another hoax spreading via text messages. The short message tells that user’s Apple ID expires today. However, they can prevent this by confirming their ID at appleid-revise[.]com website.

However, this message is not sent by Apple Care. “Confirming” your information on this site will give criminals access to your account. Keep in mind that legit Apple ID website can be accessed via

Protect yourself from Apple scams

These examples of Apple scams prove that criminals become better and better in creating legit-looking emails or messages to trick users into clicking suspicious links or buttons. However, you can learn how to identify phishing attempts and avoid suffering from a cyber crime:

  • Sender’s email address does not match Apple’s email. If you are not sure whether the email is real or not, you should check the information online. Copy and paste the email into the search engine and see if there are any alerts about phishing.
  • You received a letter or text message to an email/phone number that is not associated with Apple.
  • The message includes a link that redirects to an unusual domain which does not seem to be related to the company.
  • The letter or message does not include your name and starts with “Dear customer” or similar.
  • The email includes an attachment. Keep in mind that in such way spread the majority of file-encrypting viruses. Thus, you should never rush to open email attachments.
  • The message asks to confirm or enter some personal information. Scammers often ask to enter login details, password or credit card information.
  • The email or message differs from the ones you have received from Apple before.
  • The message is full of grammar, spelling or use of English mistakes.

Apple support also provides other tips to protect yourself from cyber criminals.[5] For instance, you should enable two-factor authentication for your Apple ID, do not believe in security pop-ups noticed online or do not get tricked by phone calls from so-called “Apple specialists.”

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

Read in other languages