The Apple ID scam is the latest threat targeting Apple users. This scam falsely claims your Apple ID (now referred to as "Apple Account" in iOS 18) has been suspended and lures unsuspecting users into sharing their credentials.
A new phishing scam targets Apple users, claiming their Apple ID/Account has been suspended. The scam involves convincing emails that mimic Apple’s branding, including logos, fonts, and formatting, to create the illusion of legitimacy. These emails urge recipients to click on a link to “recover” their account, which directs them to a fake Apple login page. If users enter their credentials, cybercriminals gain access to their accounts, potentially allowing unauthorized purchases, exposure of personal data in iCloud, or further security breaches. This scam is part of a larger trend where phishing attacks leverage fear and urgency to manipulate users into acting hastily, often with devastating consequences.
With over 2 billion active Apple devices worldwide, the tech giant's user base is a prime target for cybercriminals. Scammers are leveraging the trust placed in Apple’s ecosystem by sending fraudulent emails warning users that their Apple ID has been suspended. These emails often mimic official Apple communications in tone and appearance, tricking users into clicking malicious links.
This isn’t the first time Apple users have been targeted. Earlier scams claimed iCloud storage was full, pushing users to “upgrade” by clicking on fraudulent links.
To safeguard your Apple account and personal data, here are practical steps every Apple user should take:
Always check the sender’s email address to confirm it is from Apple. “If it's a genuine email from Apple, the account will end in @email.apple.com,” says Apple.
According to Forbes, Apple has emphasized that it will “never ask you to log in to any website, or to tap Accept in the two-factor authentication [2FA] dialog, or to provide your password, device passcode, or 2FA code or to enter it into any website.”
Apple users are advised not to click on links in unsolicited emails, especially those claiming urgent action is needed. Instead, visit the official Apple website or app to verify account activity.
Scrutinize emails for inconsistencies such as spelling errors, awkward phrasing, or unusual formatting. Suspicious emails often contain generic greetings like “Dear User” instead of your name.
Apple reminds users to be cautious: “If you’re suspicious about an unexpected message, call, or request for personal information, it’s safer to presume that it’s a scam.”
If you receive a suspicious email, forward it to reportphishing@apple.com and then mark it as spam. Reporting scams helps Apple and other organizations track and combat these threats.
If you suspect your Apple account has been accessed by unauthorized parties, change your password immediately through the official Apple website. Turning on 2FA can further enhance your account’s security.
Check that the website URL starts with "https://" and that the site's domain in the address bar is "apple.com", not just an address that has "apple.com" somewhere in it. Avoid entering your credentials on any website that seems unfamiliar or doesn’t have the official Apple domain.
No, phishing can occur through various communication channels, including emails, text messages (smishing), social media, phone calls (vishing), and even fake websites designed to steal personal information.
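The sender-address and URL checks described above can be applied mechanically to a raw message. The following is an added example, not code from Apple or from this article; the function names and the sample message are constructed for illustration, and the `.example` hosts are reserved names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_SUFFIX = "@email.apple.com"  # sender rule quoted from Apple in the article
TRUSTED_DOMAIN = "apple.com"        # domain the article says to look for

def sender_ok(from_header):
    """True only if the address itself (not the display name) ends in the suffix.
    The From header can be forged, so a pass is not proof; a failure is a red flag."""
    _display, addr = parseaddr(from_header)
    return addr.lower().endswith(SENDER_SUFFIX)

def url_ok(url):
    """True only for https URLs whose host is apple.com or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and (
        host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN))

def review(raw_email):
    """Return a list of findings (sender and links that fail the checks)."""
    msg = message_from_string(raw_email)
    findings = []
    if not sender_ok(msg.get("From", "")):
        findings.append("sender: " + parseaddr(msg.get("From", ""))[1])
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        if not url_ok(url):
            findings.append("link: " + url)
    return findings

# Constructed sample message for illustration only.
SAMPLE = """\
From: "Apple Support" <no-reply@email.apple.com.account-alerts.example>
Subject: Your Apple ID has been suspended

Dear User, recover your account:
https://apple.com.recover-login.example/signin
http://appleid.apple.com/
https://support.apple.com/
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("suspicious", finding)
```

Both the sender and the first link contain "apple.com" yet fail, because the check compares the end of the address and the parsed host name rather than searching for a substring.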