Think of using a Mac or any Apple device saves you completely from online scams and threats? Think again. Persistent cybercriminals will not stop devising different strategies until they achieve success. Over the years, these perpetrators have come up with different ways to trick people into giving them what they want — money, sensitive data, and confidential details.
Email scams have been rampant since forever. A common Mac phishing scam doing the rounds today takes the form of fake iTunes and App Store invoice emails. In February 2018, Apple released a support page to serve as a guide for users on how to identify legitimate emails from iTunes and the App Store. By releasing this support page, Apple essentially recognized the fact that these scam and phishing emails do exist.
What Does an iTunes or App Store Phishing Scam Do?
Scammers have one sole purpose – to steal identities of individuals they can use for their own greed. The typical strategy is to disguise their invites with links or websites that look like a legitimate organization or company, that requires logging in or specific personal information. In the case of the App Store or iTunes phishing scam, emails that look like they are from Apple are sent to users. Most of the time, users are asked to click on a link to update their account information. Meanwhile, others look like a receipt or an invoice from the App Store, the iTunes store, Apple Music, or the iBooks Store which will prompt you to input payment and billing information.
How to Identify iTunes or App Store Phishing Email?
When you receive an email from the App Store or the iTunes Store and you’re not sure if it’s legitimate:
- Check the purchase invoice or receipt if it contains your current billing address. Scammers are unlikely to have this information, which is probably one of the information they want to get from you in the first place.
- A legit email from the App Store, iTunes Store, iBooks Store, or Apple Music will never ask you to provide sensitive information about you via email or a link to a website. The phishing email typically asks for your social security number, mother’s maiden name, and your credit card details.
- If you get a suspicious email, go to the store where it’s supposedly from, then review your purchase history. If you or anyone you authorized to use your account didn’t make the purchase, then the email you received is likely a phishing email.
What to Do When You Get a Phishing Email?
When you receive a suspicious email, do not click on anything and do not enter your details anywhere. If you receive an email asking you to update your account or payment information, remember that this should be done only in the Settings of your Mac, iPhone, iPad, or iPod, and in iTunes or the App Store.
You may also forward and report the malicious email to Apple. Forward it to firstname.lastname@example.org. If and when you realized very late that you entered your password and some information via the email scam, change your Apple ID and password immediately. If you input credit card or bank details, make sure to call your bank right away to let them know of the situation and block any unusual activities or transactions.
True enough, there are tools like Tweakbit MacRepair that can help secure your Mac, but the primary component is you. Your decisions can make or break your own or your Mac’s security. If you receive an email that you shouldn’t be receiving, decide carefully if you’ll act upon that email, move it straight to the trash, or report it to Apple.