The latest Apple ID phishing scam comes in the form of a fake confirmation of a Spotify subscription. The phishing attempt hopes to get you to give up your Apple ID credentials by falsely claiming you’ve purchased a year of Spotify Premium. The tactic was first reported by Business Insider.
Essentially, the hackers send an email that is a fake confirmation of a year-long Spotify Premium subscription agreement. If you choose the option to “review your subscription,” you’re taken to a page that disguises itself as an Apple ID login page. Presumably, once you attempt to log in to that page, your Apple ID email and password are logged, securing a victory for the hackers.
As is usually the case, tech-savvy people would likely catch on to this phishing attempt almost immediately. The general public, however, might not notice the red flags once they see that their “credit card” had been “charged” $150.99 and they immediately try to cancel or reverse the charges through that “review your subscription” link.
Apple ID phishing scams are incredibly common, so much so that Apple has a support page dedicated to providing tips on how to avoid falling for these scams. These are the tips Apple outlines for spotting impostor emails and texts:
- The sender’s email address or phone number doesn’t match the name of the company that it claims to be from.
- Your email address or phone number is different from the one that you gave that company.
- The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.
- A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website.
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
Read Apple’s full guide on how to watch for Apple ID phishing scams here.
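Several of the tips above can be checked mechanically by a mail filter. The sketch below is an added example, not code from Apple or from the original article; the brand-to-domain table, the flag names and the sample message (which uses reserved `.example` domains) are assumptions constructed for illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the domains each brand really uses.
BRAND_DOMAINS = {"apple": {"apple.com", "icloud.com"}, "spotify": {"spotify.com"}}
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)

class Hrefs(HTMLParser):  # collects the href of every <a> element
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def on_domain(host, domains):  # exact match or true subdomain only
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0]
    part = msg.get_body(("html", "plain"))
    body = part.get_content() if part else ""
    # Brands the message claims to speak for (display name and subject).
    claimed = f"{sender.display_name} {msg['Subject']}".lower()
    allowed = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in claimed))
    flags = set()
    if allowed and not on_domain(sender.domain, allowed):
        flags.add("sender-mismatch")      # address doesn't match the company
    if GENERIC_GREETING.search(body):
        flags.add("generic-greeting")     # "Dear customer"
    links = Hrefs()
    links.feed(body)
    hosts = [urlparse(h).hostname for h in links.found if h.startswith(("http://", "https://"))]
    if allowed and any(not on_domain(h, allowed) for h in hosts):
        flags.add("link-mismatch")        # link leaves the company's domains
    if any(msg.iter_attachments()):
        flags.add("has-attachment")
    return flags

# Constructed sample modelled on the email described in this article.
SAMPLE = """\
From: "Apple Store" <receipts@billing-notice.example>
Subject: Your Spotify Premium subscription confirmation
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p><p>Your credit card was charged $150.99.</p><p><a href="https://appleid.login.example/review">Review your subscription</a></p>
"""
```

Calling `red_flags(SAMPLE)` reports the sender, greeting and link flags for this message. Heuristics like these produce false positives (for example, legitimate mail sent through third-party services), so they are best used to prioritise review rather than to block outright.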