/ Money

Scam warning: Apple ID ‘locked account’ email

16
Profile photo of George Martin George Martin Conversation Editor
Comments 16

This scam email is designed to steal your Apple password by sending you to a fake website. Have you received it? Here’s what it looks like.

When we covered the recent BT Brexit scam email on Which? Conversation, I noted that these phishing scams do tend to arrive with various different twists.

This one, purporting to be from Apple, is no different. This time scammers have added a fake ‘this message is from a trusted sender’ header of their own, which could be enough to catch people out.

It also follows the classic scam method of rushing its target into action with talk of ‘unathorised transcations’, ‘security measures’ and a locked account.

Here’s exactly what it looks like:

The email address it’s arrived from is, obviously, nonsense, but the presence of the Apple logo, brand colours and easy-to-read layout do make it a threat if it turns up in your inbox.

Much like the recent Santander, EE and Netflix scams we’ve seen, the ‘verify’ button will take you to a fake website where you’ll be instructed to ‘confirm your Apple ID’ by entering your username and password.

Once you’ve done that, scammers will have access to your Apple account including any payment information you have attached to it.

Phishing scam advice

We made Apple aware of this phishing scam and, while it didn’t wish to comment specifically, it did provide us with its own guides on identifying legitimate emails from iTunes or the App Store, and how to spot fraudulent emails.

The guide states that you should never share your Apple ID password with anyone, and that Apple will never ask you for this information to provide support.

We’d also echo its advice to use two-factor authentication on your accounts.

If you think you’ve entered your details into a scam site, change your password immediately and inform your bank.

Victims of fraud can also follow our advice on how to get your money back after a scam.

Have you received this Apple ID scam? Did your email software automatically flag it as spam?

Comments
16
Ian says:
20 January 2020

The lack of prepositions and pronouns in the email should alert the unwary. However, Apple won’t send you something like that; generally they flag the alert only on your computer and when you attempt to access the iTunes store or the App store.

However, this, once again, underlines what by now should be etched in glowing letters in the mind of anyone, anywhere who uses email:

Never, ever follow a link in an email.

2
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
20 January 2020

I have not seen this scam, but why would anyone pay attention if their account was working as normal?

Links in emails have many genuine uses but I don’t think they have a place in any email about money or accounts. Perhaps Which? could start a campaign about this.

2
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
DerekP says:
20 January 2020

I agree with wavechange that there can be legitimate uses for links in emails.

For example, those who have very limited typing and/or surfing skills may find them to be a great way of directing them to an intended target website, without getting hijacked along the way, which can be a risk if they try to navigate their way there from scratch.

Also, whilst most scams won’t fool most folk most of the time, scammers only need to fool some folk some of the time.

2
Vote up  |  Vote down   Reply    Report
Share   
Ian says:
20 January 2020

I agree there are limited uses, Derek; but most folk will have the site in question bookmarked. Perhaps that might make a good campaign, point: training folk to bookmark important sites from the outset.

For example, I always bookmark ‘My Account’ pages, as well as ‘contact us’ pages.

0
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
20 January 2020

People sometimes question why literacy and competence in the use of the English language are given such emphasis in a world where we can communicate adequately with bad spelling, bad grammar, poor sentence construction, and misuse of words. One good reason is to be able to spot a scam. This one is riddled with errors and is clearly emanating from a foreign place, but I bet some have fallen for it because they didn’t recognise the signs. As a nation we don’t need to be pedantic about the use of English but we should certainly be aware. Unfortunately, many organisations are populated with people with poor communication [or mental reasoning] skills so many official missives are questionable. The attempt at being familiar or colloquial is often a good giveaway and, in my view, has no place in official communications between companies and their customers – it makes the scammers work easier.

4
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
malcolm r says:
20 January 2020

There will be many people in this country who do not have the literacy skills we like to assume – those badly educated but, perhaps, more importantly those from other countries. We continually advise people about scams, but who does that advice reach and who pays proper attention? It is all very well to say if their is nothing wrong with your account, why respond? Well, scams seem to generate responses about Amazon Prime, internet is being terminated, for example so this is no answer. And while I bookmark important items I wonder how many others are properly organised? So people do respond.

I would legislate that no email involving finances should carry a link; simply a request to visit your account or the sender’s website.

3
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
21 January 2020

An interesting example of corporate illiteracy is an e-mail received this morning from BT about an engineer’s visit booked for this morning. It says “James’s getting ready for you and will be with you today”.

For “engineer” read “technician” [at best].

0
Vote up  |  Vote down   Reply    Report
Share   
Philip Keeling says:
24 January 2020

I received a similar text message from ‘AppID’ that contained a link to a web page. I ignored it.

0
Vote up  |  Vote down   Reply    Report
Share   
Richard says:
24 January 2020

I am getting regular phone calls by a recording of an American Lady saying that my Apple account needs up-dating and to press a number to get connected. I always put the phone down but I suspect I am being invited to phone a number that will lead me to divulging info.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
George Martin says:
24 January 2020

Keep putting the phone down, Richard. It sounds like that call works in exactly the same way as this Amazon Prime scam: https://conversation.which.co.uk/money/amazon-prime-renewal-scam-phone-call/

0
Vote up  |  Vote down   Reply    Report
Share   
John Parker says:
24 January 2020

My wife gets a message every morning asking her to confirm her apple ID which we can’t remember.
should we ignore it.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
George Martin says:
24 January 2020

Hi John. I’d be interested to see a screenshot of exactly what your wife is receiving and the email address it’s come from. Please do feel free to send a copy to conversation.comments@which.co.uk and I can look into it for you.

0
Vote up  |  Vote down   Reply    Report
Share   
Stephen Jones says:
27 January 2020

Hello,
I have had two such e mails about my apple account in the last week. I have ignored them of course.
However, when using Pay pal recently my wife received a message saying that there were possible security issues with our Paypal account and requested her to log on via a link in the e mail.
She was taken in by this and started providing our personal details before I stopped her.
As a result, we cancelled the credit card that was attached to the Paypal account which caused a lot of inconvenience to us as we use the card to pay for most of our purchases/bills.
As a result we have been receiving e mails asking us to update various account payment details.
So, in the case of the Apple e mails I was almost duped as I was expecting such a message.

0
Vote up  |  Vote down   Reply    Report
Share   
S. F. Clark says:
27 January 2020

I’ve had many of these e-mails purporting to be from Apple. I used to forward them to Apple but don’t bother anymore as they seem so obvious now. If you haven’t told anybody about you account then nobody knows that you have one. As Apple helpfully says, they will always address you by your Christian name if it’s genuine.

It may be of little relevance but I am 86 and understand some people can be easily confused. ”Buyer beware” was always good sense.

Stan Clark
S. F. Clark

0
Vote up  |  Vote down   Reply    Report
Share   
Jan says:
27 January 2020

Look out for spelling mistakes and poor grammar. It’s a giveaway

0
Vote up  |  Vote down   Reply    Report
Share   
Maz says:
27 January 2020

I got locked out of my ipad 6 months ago – received message via email similar to the above also requesting bank details – ignored it – ipad lying dormant on table, but i have some sentimental pics i cant access!!

0
Vote up  |  Vote down   Reply    Report
Share   
 

Related discussions