/ Money

Scam warning: Apple ID ‘locked account’ email

25
Profile photo of George Martin George Martin Conversation Editor
Comments 25

This scam email is designed to steal your Apple password by sending you to a fake website. Have you received it? Here’s what it looks like.

When we covered the recent BT Brexit scam email on Which? Conversation, I noted that these phishing scams do tend to arrive with various different twists.

This one, purporting to be from Apple, is no different. This time scammers have added a fake ‘this message is from a trusted sender’ header of their own, which could be enough to catch people out.

It also follows the classic scam method of rushing its target into action with talk of ‘unathorised transcations’, ‘security measures’ and a locked account.

Here’s exactly what it looks like:

The email address it’s arrived from is, obviously, nonsense, but the presence of the Apple logo, brand colours and easy-to-read layout do make it a threat if it turns up in your inbox.

Much like the recent Santander, EE and Netflix scams we’ve seen, the ‘verify’ button will take you to a fake website where you’ll be instructed to ‘confirm your Apple ID’ by entering your username and password.

Once you’ve done that, scammers will have access to your Apple account including any payment information you have attached to it.

Phishing scam advice

We made Apple aware of this phishing scam and, while it didn’t wish to comment specifically, it did provide us with its own guides on identifying legitimate emails from iTunes or the App Store, and how to spot fraudulent emails.

The guide states that you should never share your Apple ID password with anyone, and that Apple will never ask you for this information to provide support.

We’d also echo its advice to use two-factor authentication on your accounts.

If you think you’ve entered your details into a scam site, change your password immediately and inform your bank.

Victims of fraud can also follow our advice on how to get your money back after a scam.

Have you received this Apple ID scam? Did your email software automatically flag it as spam?

Comments
25
Ian says:
20 January 2020

The lack of prepositions and pronouns in the email should alert the unwary. However, Apple won’t send you something like that; generally they flag the alert only on your computer and when you attempt to access the iTunes store or the App store.

However, this, once again, underlines what by now should be etched in glowing letters in the mind of anyone, anywhere who uses email:

Never, ever follow a link in an email.

2
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
20 January 2020

I have not seen this scam, but why would anyone pay attention if their account was working as normal?

Links in emails have many genuine uses but I don’t think they have a place in any email about money or accounts. Perhaps Which? could start a campaign about this.

2
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
DerekP says:
20 January 2020

I agree with wavechange that there can be legitimate uses for links in emails.

For example, those who have very limited typing and/or surfing skills may find them to be a great way of directing them to an intended target website, without getting hijacked along the way, which can be a risk if they try to navigate their way there from scratch.

Also, whilst most scams won’t fool most folk most of the time, scammers only need to fool some folk some of the time.

2
Vote up  |  Vote down   Reply    Report
Share   
Ian says:
20 January 2020

I agree there are limited uses, Derek; but most folk will have the site in question bookmarked. Perhaps that might make a good campaign, point: training folk to bookmark important sites from the outset.

For example, I always bookmark ‘My Account’ pages, as well as ‘contact us’ pages.

0
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
20 January 2020

People sometimes question why literacy and competence in the use of the English language are given such emphasis in a world where we can communicate adequately with bad spelling, bad grammar, poor sentence construction, and misuse of words. One good reason is to be able to spot a scam. This one is riddled with errors and is clearly emanating from a foreign place, but I bet some have fallen for it because they didn’t recognise the signs. As a nation we don’t need to be pedantic about the use of English but we should certainly be aware. Unfortunately, many organisations are populated with people with poor communication [or mental reasoning] skills so many official missives are questionable. The attempt at being familiar or colloquial is often a good giveaway and, in my view, has no place in official communications between companies and their customers – it makes the scammers work easier.

5
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
malcolm r says:
20 January 2020

There will be many people in this country who do not have the literacy skills we like to assume – those badly educated but, perhaps, more importantly those from other countries. We continually advise people about scams, but who does that advice reach and who pays proper attention? It is all very well to say if their is nothing wrong with your account, why respond? Well, scams seem to generate responses about Amazon Prime, internet is being terminated, for example so this is no answer. And while I bookmark important items I wonder how many others are properly organised? So people do respond.

I would legislate that no email involving finances should carry a link; simply a request to visit your account or the sender’s website.

3
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
21 January 2020

An interesting example of corporate illiteracy is an e-mail received this morning from BT about an engineer’s visit booked for this morning. It says “James’s getting ready for you and will be with you today”.

For “engineer” read “technician” [at best].

0
Vote up  |  Vote down   Reply    Report
Share   
Philip Keeling says:
24 January 2020

I received a similar text message from ‘AppID’ that contained a link to a web page. I ignored it.

0
Vote up  |  Vote down   Reply    Report
Share   
Richard says:
24 January 2020

I am getting regular phone calls by a recording of an American Lady saying that my Apple account needs up-dating and to press a number to get connected. I always put the phone down but I suspect I am being invited to phone a number that will lead me to divulging info.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
George Martin says:
24 January 2020

Keep putting the phone down, Richard. It sounds like that call works in exactly the same way as this Amazon Prime scam: https://conversation.which.co.uk/money/amazon-prime-renewal-scam-phone-call/

0
Vote up  |  Vote down   Reply    Report
Share   
John Parker says:
24 January 2020

My wife gets a message every morning asking her to confirm her apple ID which we can’t remember.
should we ignore it.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
George Martin says:
24 January 2020

Hi John. I’d be interested to see a screenshot of exactly what your wife is receiving and the email address it’s come from. Please do feel free to send a copy to conversation.comments@which.co.uk and I can look into it for you.

0
Vote up  |  Vote down   Reply    Report
Share   
Stephen Jones says:
27 January 2020

Hello,
I have had two such e mails about my apple account in the last week. I have ignored them of course.
However, when using Pay pal recently my wife received a message saying that there were possible security issues with our Paypal account and requested her to log on via a link in the e mail.
She was taken in by this and started providing our personal details before I stopped her.
As a result, we cancelled the credit card that was attached to the Paypal account which caused a lot of inconvenience to us as we use the card to pay for most of our purchases/bills.
As a result we have been receiving e mails asking us to update various account payment details.
So, in the case of the Apple e mails I was almost duped as I was expecting such a message.

0
Vote up  |  Vote down   Reply    Report
Share   
S. F. Clark says:
27 January 2020

I’ve had many of these e-mails purporting to be from Apple. I used to forward them to Apple but don’t bother anymore as they seem so obvious now. If you haven’t told anybody about you account then nobody knows that you have one. As Apple helpfully says, they will always address you by your Christian name if it’s genuine.

It may be of little relevance but I am 86 and understand some people can be easily confused. ”Buyer beware” was always good sense.

Stan Clark
S. F. Clark

0
Vote up  |  Vote down   Reply    Report
Share   
Jan says:
27 January 2020

Look out for spelling mistakes and poor grammar. It’s a giveaway

0
Vote up  |  Vote down   Reply    Report
Share   
Maz says:
27 January 2020

I got locked out of my ipad 6 months ago – received message via email similar to the above also requesting bank details – ignored it – ipad lying dormant on table, but i have some sentimental pics i cant access!!

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
Brenda says:
4 March 2020

Dear Maz
Have you visited an Apple Store for assistance with your issue? You generally will need to book with one of their ‘welcomers’ on your visit and wait for an hour to see someone, but staff there should be able to assist you with your i-Pad issue. I have also received excellent Apple support by phoning their support line.

All the best with getting your issue resolved.

0
Vote up  |  Vote down   Reply    Report
Share   
DerekP says:
4 March 2020

Hi Maz, sorry to hear this.

Apple have some forgotten password bypass steps here:-https://support.apple.com/en-gb/HT204306 but those steps don’t seem to allow you to keep the data on your device, if that data was not already backed up to iCloud.

My old Apple Macbook was different – and did allow me to reset my lost user password without any loss of data. In the past, I’ve also done similar tricks on Windows and Linux PC’s, but I have also failed on Android devices.

0
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
4 March 2020

The information needed will be on the Apple website but phoning Apple or calling into an Apple Store will be the easiest option.

It’s important not to let the battery of a tablet (or phone or laptop) become completely discharged when not in use, otherwise it could be damaged.

0
Vote up  |  Vote down   Reply    Report
Share   
Stephen Thumpston says:
10 April 2020

Yup. Seen this one many times.

0
Vote up  |  Vote down   Reply    Report
Share   
efi says:
7 May 2020

Hello.
I received this mail one hour ago. Due to some problems I had with my ID when i was logging in from my macbook I did not think it was a scam, so I followed this link and I typed my email and password. Then they asked me about further infos like my phone etc and I started thinking something is not going right. I changed immediately my apple id password.First of all, I am worried because I selected ‘remember me’ on this fake site, so they might have my past password and of course my username of my apple ID. And secondly, I am much worried if they have already got my bank account codes. Could you help me please?

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
George Martin says:
7 May 2020

Hi efi. If you use the same password for other accounts I’d recommend changing it ASAP. From what you’ve described it’s unlikely bank details have been compromised, but if you have any doubts you should let your bank knows what’s happened. Hope this helps.

0
Vote up  |  Vote down   Reply    Report
Share   
efi says:
7 May 2020

Thank you very much!!

0
Vote up  |  Vote down   Reply    Report
Share   
Brian says:
9 May 2020

When I get calls with the obvious Indian accent I just ask what the weather is like in India and thats enough for the call to be ended abruptly. Mind you I did get a call from a gentleman with a strong accent a couple of days ago who wanted my NHS number (to do with the virus) but when I told him it’s a scam he said he quite understood and gave me a web address which when I checked via the gov.uk website the address he gave was correct. So was it a scam or not I don’t really know. Just call me Mr suspicious. However I have noticed a worrying trend. Last year I had a long standing problem with BT and had to keep calling over many weeks till the fault was found and rectified. But each time I was routed to their Indian call centre within 24 hours I had a scam call. Once could be coincidence but this happened three times but never when using the UK call centre. Mr suspicious thinks it could be a security leak. I did report to BT but they were not really interested I believe they are bringing most support back to the uk.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
John Ward says:
10 May 2020

A few years ago, when I still enjoyed teasing telephone scammers, the most frequent call was the ‘BT technical support’ scam in which the voice stated that my internet connection would be shut down unless I did this or that immediately. I asked where they were calling from and they usually gave the address of BT’s HQ in Newgate Street in the City of London. Knowing that that was just a corporate head office with no technical functions in it I would ask the caller to give me the name of the nearest Underground station or name two famous landmark buildings within a five minute walk. That usually closed the engagement.

0
Vote up  |  Vote down   Reply    Report
Share   
 

Related discussions