/ Money

Scam warning: Apple ID ‘locked account’ email

This scam email is designed to steal your Apple password by sending you to a fake website. Have you received it? Here’s what it looks like.

When we covered the recent BT Brexit scam email on Which? Conversation, I noted that these phishing scams do tend to arrive with various different twists.

This one, purporting to be from Apple, is no different. This time scammers have added a fake ‘this message is from a trusted sender’ header of their own, which could be enough to catch people out.

It also follows the classic scam method of rushing its target into action with talk of ‘unathorised transcations’, ‘security measures’ and a locked account.

Here’s exactly what it looks like:

The email address it’s arrived from is, obviously, nonsense, but the presence of the Apple logo, brand colours and easy-to-read layout do make it a threat if it turns up in your inbox.

Much like the recent Santander, EE and Netflix scams we’ve seen, the ‘verify’ button will take you to a fake website where you’ll be instructed to ‘confirm your Apple ID’ by entering your username and password.

Once you’ve done that, scammers will have access to your Apple account including any payment information you have attached to it.

Phishing scam advice

We made Apple aware of this phishing scam and, while it didn’t wish to comment specifically, it did provide us with its own guides on identifying legitimate emails from iTunes or the App Store, and how to spot fraudulent emails.

The guide states that you should never share your Apple ID password with anyone, and that Apple will never ask you for this information to provide support.

We’d also echo its advice to use two-factor authentication on your accounts.

If you think you’ve entered your details into a scam site, change your password immediately and inform your bank.

Victims of fraud can also follow our advice on how to get your money back after a scam.

Have you received this Apple ID scam? Did your email software automatically flag it as spam?

Comments

The lack of prepositions and pronouns in the email should alert the unwary. However, Apple won’t send you something like that; generally they flag the alert only on your computer and when you attempt to access the iTunes store or the App store.

However, this, once again, underlines what by now should be etched in glowing letters in the mind of anyone, anywhere who uses email:

Never, ever follow a link in an email.

I have not seen this scam, but why would anyone pay attention if their account was working as normal?

Links in emails have many genuine uses but I don’t think they have a place in any email about money or accounts. Perhaps Which? could start a campaign about this.

I agree with wavechange that there can be legitimate uses for links in emails.

For example, those who have very limited typing and/or surfing skills may find them to be a great way of directing them to an intended target website, without getting hijacked along the way, which can be a risk if they try to navigate their way there from scratch.

Also, whilst most scams won’t fool most folk most of the time, scammers only need to fool some folk some of the time.

I agree there are limited uses, Derek; but most folk will have the site in question bookmarked. Perhaps that might make a good campaign, point: training folk to bookmark important sites from the outset.

For example, I always bookmark ‘My Account’ pages, as well as ‘contact us’ pages.

People sometimes question why literacy and competence in the use of the English language are given such emphasis in a world where we can communicate adequately with bad spelling, bad grammar, poor sentence construction, and misuse of words. One good reason is to be able to spot a scam. This one is riddled with errors and is clearly emanating from a foreign place, but I bet some have fallen for it because they didn’t recognise the signs. As a nation we don’t need to be pedantic about the use of English but we should certainly be aware. Unfortunately, many organisations are populated with people with poor communication [or mental reasoning] skills so many official missives are questionable. The attempt at being familiar or colloquial is often a good giveaway and, in my view, has no place in official communications between companies and their customers – it makes the scammers work easier.

There will be many people in this country who do not have the literacy skills we like to assume – those badly educated but, perhaps, more importantly those from other countries. We continually advise people about scams, but who does that advice reach and who pays proper attention? It is all very well to say if their is nothing wrong with your account, why respond? Well, scams seem to generate responses about Amazon Prime, internet is being terminated, for example so this is no answer. And while I bookmark important items I wonder how many others are properly organised? So people do respond.

I would legislate that no email involving finances should carry a link; simply a request to visit your account or the sender’s website.

An interesting example of corporate illiteracy is an e-mail received this morning from BT about an engineer’s visit booked for this morning. It says “James’s getting ready for you and will be with you today”.

For “engineer” read “technician” [at best].

Philip Keeling says:
24 January 2020

I received a similar text message from ‘AppID’ that contained a link to a web page. I ignored it.

Richard says:
24 January 2020

I am getting regular phone calls by a recording of an American Lady saying that my Apple account needs up-dating and to press a number to get connected. I always put the phone down but I suspect I am being invited to phone a number that will lead me to divulging info.

John Parker says:
24 January 2020

My wife gets a message every morning asking her to confirm her apple ID which we can’t remember.
should we ignore it.

Stephen Jones says:
27 January 2020

Hello,
I have had two such e mails about my apple account in the last week. I have ignored them of course.
However, when using Pay pal recently my wife received a message saying that there were possible security issues with our Paypal account and requested her to log on via a link in the e mail.
She was taken in by this and started providing our personal details before I stopped her.
As a result, we cancelled the credit card that was attached to the Paypal account which caused a lot of inconvenience to us as we use the card to pay for most of our purchases/bills.
As a result we have been receiving e mails asking us to update various account payment details.
So, in the case of the Apple e mails I was almost duped as I was expecting such a message.

S. F. Clark says:
27 January 2020

I’ve had many of these e-mails purporting to be from Apple. I used to forward them to Apple but don’t bother anymore as they seem so obvious now. If you haven’t told anybody about you account then nobody knows that you have one. As Apple helpfully says, they will always address you by your Christian name if it’s genuine.

It may be of little relevance but I am 86 and understand some people can be easily confused. ”Buyer beware” was always good sense.

Stan Clark
S. F. Clark

Look out for spelling mistakes and poor grammar. It’s a giveaway

I got locked out of my ipad 6 months ago – received message via email similar to the above also requesting bank details – ignored it – ipad lying dormant on table, but i have some sentimental pics i cant access!!

Brenda says:
4 March 2020

Dear Maz
Have you visited an Apple Store for assistance with your issue? You generally will need to book with one of their ‘welcomers’ on your visit and wait for an hour to see someone, but staff there should be able to assist you with your i-Pad issue. I have also received excellent Apple support by phoning their support line.

All the best with getting your issue resolved.

DerekP says:
4 March 2020

Hi Maz, sorry to hear this.

Apple have some forgotten password bypass steps here:-https://support.apple.com/en-gb/HT204306 but those steps don’t seem to allow you to keep the data on your device, if that data was not already backed up to iCloud.

My old Apple Macbook was different – and did allow me to reset my lost user password without any loss of data. In the past, I’ve also done similar tricks on Windows and Linux PC’s, but I have also failed on Android devices.

The information needed will be on the Apple website but phoning Apple or calling into an Apple Store will be the easiest option.

It’s important not to let the battery of a tablet (or phone or laptop) become completely discharged when not in use, otherwise it could be damaged.