A number of friends have recently forwarded me examples of some relatively convincing-looking phishing emails purporting to be from Apple. These include fake Apple Music subscriptions or purchases, inviting the user to login to the Apple website to cancel the transaction if it wasn’t made by them.

The link, of course, goes to a fraudulent site, but many of them are close copies of the real thing. No 9to5Mac reader would be taken in by any of them, but a non-tech person might be. So if you’re the person who acts as unofficial tech advisor to your friends, you might want to ensure they are up to speed on these …

Apple has a great support document on how to identify phishing emails (with others here and here). This goes into more technical detail than is suitable for the average normal out there, so you might instead want to point them to a simple checklist like this one:

  • Check whether your actual Apple ID is in the body of the email (it should be)
  • Make sure there is no generic greeting, like ‘Dear customer’ or similar
  • Hover over any links in an email and check the status bar for the actual link
  • If unsure how to do this, check the status bar of your browser
  • Don’t open any attachments (these often claim to be invoices, receipts and so on)
  • Never reply to an email asking for any personal info (see examples below)

Apple gives examples of information it will never ask for via email. These are:

  • Social Security Number
  • Mother’s maiden name
  • Full credit card number
  • Credit card CCV code

Another warning sign is an email demanding urgent action, such as telling you that you have only 24 hours to cancel a purchase if it wasn’t made by you. Apple will never send this type of email. (This tactic is especially common with fake PayPal emails, that claim your account will be locked or closed unless you verify quickly.)

If an email looks genuine, it’s safest to type in the URL rather than clicking a link. Genuine Apple URLs are short. However, if you do click a link in an email:

  • Check the actual URL shown in the address bar
  • Watch for redirects – if it goes to one address and then to another one, it’s probably fake
  • Look out for pop-ups: Apple does not use these

Note that many fake websites use genuine links for everything except the bit they care about: the login. So you could mouseover any of the links in the fake site shown at the top of this piece, and those may very well all be genuine – but the login will give your Apple credentials to the phisher.

Finally, if you are 99% certain you’re on a genuine Apple site but have just that tiniest of doubts, use the wrong password. A fake site will usually show you as logged-in and then start demanding personal information from you.


FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear