Some would say that nothing is important until Apple starts talking about it. So when Apple posted a support article on Feb. 23 about an iTunes and App Store phishing threat, people paid attention.
So what’s this all about? Aren’t Apple products impervious to viruses? (NO! Apple systems can be vulnerable to malware and other security threats!) Why should Apple customers care about a phishing email? These phishing emails aren’t intended to infect your computer or iPhone. The scammers are after your credit card information.
The phishing email Apple customers are receiving looks pretty convincing. The scammers use the same language, formatting, and graphics as official Apple correspondence — right down to the official Apple and iTunes logos. The emails typically take the form of an iTunes receipt, an App Store subscription renewal message, or a reminder to update your account information. They also ask for your mother’s maiden name, your credit card number and CVV, and sometimes even your Social Security Number — information Apple would never request through email.
After more than a few customers fell victim to the scam, Apple released a new guide on how to identify legitimate emails. They break down what to look for when reading a suspicious email, and how people can protect their confidential information. Here’s a summary:
- Genuine purchase receipts—from the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. If an email receipt claims to be from Apple and doesn’t include your address, it’s most likely a scam.
- If you receive an email asking you to update your account or payment information, only do so in Settings directly on your device. Do not follow any links within a suspicious email.
- To update your password for the Apple ID that you use for purchases, do so only in Settings on your device or at appleid.apple.com.
Apple encourages people to forward any suspicious emails with Apple “branding” to reportphishing@apple.com. You could also forward them to reportaphish@udel.edu for UD IT staff to investigate.
If you think you might have fallen victim to this phishing scam, immediately change your Apple ID password.
Remember, it’s up to you to educate yourself and protect yourself against scams like the ones Apple describes. Apple, UD IT, online experts, and departmental IT staff can only warn you about the seriousness of phishing scams and provide information to help you keep your identity and confidential information safe. It’s your responsibility to protect yourself and your information. With all the phishing scams trying to steal your information, detecting and avoiding scams is just as essential a personal security practice as locking your front door. Stay safe out there, and remember
Think Before You Click!