We Just Got a Phishing E-mail from Apple

And it looks legit, unless…


Hey, it’s not the first time that the first glance at an email fooled me. Today’s Phishing scams look a lot like legitimate emails. They’re gaining in sophistication every day.

And today we got one from Apple.

Do you have an iTunes account?


Did you get an email from Apple?

How about an email that said your Apple ID had been used to make a purchase recently?  Guess what — this latest scam targeted you. But you were too smart to be fooled, right?

Scammers are becoming even more clever, and their scams are getting much harder to distinguish from actual Apple (in this case) corporate communications.

Today’s scam? It’s known as brand spoofing.

Just this week a member of my team received one of these emails.  It had some distinctive markers that identified it as a phishing email. Once she dug in.

FIRST, off she had no account with the company that used the email account to which they sent the email.


SECOND, she looked up the contact information for the company in question and called them to have them verify the authenticity of the email.  The company told them they had sent no such email.

They told her where to report it as a phishing attempt.  She emailed a copy of the email to them at the address they gave her.


So how do you recognize an Email whose purpose is to phish? To get you to do something that’s to their advantage?

They might be trying to get a password, bank account numbers, credit card information, or personal ID.

Remember that you should NEVER send Credit Card Information, Account Passwords or personally identifiable information by email.

Don’t wire funds to an account without double-verifying it with the heads of the companies involved.

Verifying the identity of someone through email is tough.  Most companies have established policies on the soliciting customer information over email.

In today’s emails, the criminal scammers are impersonating Apple support and include an attachment (NEVER DONE BY APPLE) that instructs you to use it to cancel the purchase.

The form asks for personally sensitive and financial information that they can use to steal money from unsuspecting victims. In addition to trying to get you to provide personal information in some cases, they may also be trying to install malware on victims’ computers or devices.

You will find a copy of today’s “Apple” Phishing email with this article. We’ve circled the tell-tale signs of a Phishing attack.

Check out some of the “troublesome scam markings” present in this “Apple” email.

Red Flags:

    • They are often sent using a fake Apple email address
      • You can check this by going to whois.net
    • They are generic and don’t include your name
      • You are their customer — why would they not address you by name
    • There are grammatical and spelling errors
      • A corporate entity like Apple spends tons of money getting their marketing right — why would they send you a letter filled with poor grammar and spelling errors
    • The email encourages you to open an attachment
      • Apple does not send attachments requesting personal or financial information.

Not sure if that Apple email is legitimate, follow these tips:

    • Genuine purchase receipts will include your current billing address
    • Apple will never ask you to provide personal (such as credit card number or address) information over email
    • The only place to update your account information through the Apple settings
    • Anyone receiving suspicious emails purporting to come from Apple may forward them to the company at reportphishing@apple.com.

So how can you protect yourself from falling victim to these types of phishing emails:

Step 1: Don’t click on links in an unexpected email

Step 2: Don’t download or open attachments from an anonymous sender

Step 3: Be cautious of generic emails with little or no specific details of your account

These con-artists will continue to develop new and more creative ways to take advantage of consumers online.

It is crucial that you never respond to requests for personal information via e-mail. If you think an email is legitimate, contact the company by phone or through its website to confirm. Never click on any links you receive in unsolicited e-mails.

If you believe you have been the victim of this or any other scam or attempted scam, the Office your State Attorney General can help.


Helpful Link: