A number of friends have recently forwarded me examples of some relatively convincing-looking phishing emails purporting to be from Apple. These include fake Apple Music subscriptions or purchases, inviting the user to login to the Apple website to cancel the transaction if it wasn’t made by them.
The link, of course, goes to a fraudulent site, but many of them are close copies of the real thing. No 9to5Mac reader would be taken in by any of them, but a non-tech person might be. So if you’re the person who acts as unofficial tech advisor to your friends, you might want to ensure they are up to speed on these …
Apple has a great support document on how to identify phishing emails (with others here and here). This goes into more technical detail than is suitable for the average normal out there, so you might instead want to point them to a simple checklist like this one:
- Check whether your actual Apple ID is in the body of the email (it should be)
- Make sure there is no generic greeting, like ‘Dear customer’ or similar
- Hover over any links in an email and check the status bar for the actual link
- If unsure how to do this, check the status bar of your browser
- Don’t open any attachments (these often claim to be invoices, receipts and so on)
- Never reply to an email asking for any personal info (see examples below)
Apple gives examples of information it will never ask for via email. These are:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code
Another warning sign is an email demanding urgent action, such as telling you that you have only 24 hours to cancel a purchase if it wasn’t made by you. Apple will never send this type of email. (This tactic is especially common with fake PayPal emails, that claim your account will be locked or closed unless you verify quickly.)
If an email looks genuine, it’s safest to type in the URL rather than clicking a link. Genuine Apple URLs are short. However, if you do click a link in an email:
- Check the actual URL shown in the address bar
- Watch for redirects – if it goes to one address and then to another one, it’s probably fake
- Look out for pop-ups: Apple does not use these
Note that many fake websites use genuine links for everything except the bit they care about: the login. So you could mouseover any of the links in the fake site shown at the top of this piece, and those may very well all be genuine – but the login will give your Apple credentials to the phisher.
Finally, if you are 99% certain you’re on a genuine Apple site but have just that tiniest of doubts, use the wrong password. A fake site will usually show you as logged-in and then start demanding personal information from you.