Apple Shares Tips on Avoiding App Store and iTunes Phishing Emails

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 28, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Apple last week shared a new support document that's designed to help App Store and iTunes users avoid phishing emails that mimic legitimate emails from Apple.

    In the document, Apple outlines techniques to identify an actual App Store or iTunes email, which the company says will always include a current billing address, something scammers are unlikely to have access to.

    [Image: An example of a well-crafted phishing email]

    Apple also says that emails from the App Store, iBooks Store, iTunes Store, or Apple Music will never ask customers to provide details like a Social Security Number, mother's maiden name, a credit card number, or a credit card CCV code.

    Apple recommends that customers who receive emails asking them to update their account or payment information do so directly in the Settings app on an iPhone, iPad, or iPod touch, in iTunes or the App Store on a Mac, or in iTunes on a PC rather than through any kind of web interface.

    Customers who receive a suspicious email can forward it to reportphishing@apple.com, and any customer who may have entered personal information on a scam website should update their Apple ID password immediately.

    Scam and phishing emails like those Apple describes in this support document are not new, but at the current time, there's a new wave of legitimate-looking emails going around that look much like Apple emails that can easily fool customers who don't know what to look for.

     
  2. goatless macrumors member

    goatless

    Joined:
    Oct 19, 2009
    #2
    --- Post Merged, Feb 28, 2018 ---
    That's actually a pretty good fake. The ones I receive are usually riddled with odd, non-native phrasing. Not that my English is perfect, but English does have its idiomatic ways, and certain words, phrases, and capitalization patterns stand out as not being businesslike.
     
  3. bbzzz macrumors newbie

    Joined:
    Mar 7, 2008
    #3
    PROTIP: disable html in your mail client, it's harder to phish when you can see the links that will be used are not what the text claims they are.

    Bonus: tell anyone sending html only to not be a muppet, helping the phishers by conditioning users to accept such emails. Ask them to include the regular plain text body for those who are trying to not be phished.
     
  4. mattcha90 macrumors newbie

    Joined:
    Nov 5, 2014
    #4
    Remember, all Apple emails address you by first and last name. Always.

    Just skimmed through a few emails from Apple I personally received and every single one of them says my first and last name.
     
  5. AndyUnderscoreR macrumors 6502

    AndyUnderscoreR

    Joined:
    Jul 11, 2008
    #6
    Well, you SAY that's an Apple support document....
     
  6. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #8
    Good move on Apple for doing what they can to inform people about phishing.
     
  8. mi7chy macrumors 601

    mi7chy

    Joined:
    Oct 24, 2014
    #9
    How about tips for recognizing battery throttling scams?
     
  9. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #10
    Remedy = Join MacRumors and get initiated by the crew.
     
  10. macduke macrumors G3

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #11
    You’d think they could use their fancy smancy machine learning to stop these from coming through for all sorts of major companies. I know companies like PayPal have trouble with this all the time. Even if you can’t cover everything it’s better to get at least 90% of them.

    Heck, you could probably just regex to match certain strings like their footer or other common phrases used in Apple emails. Then check the sender against official Apple email addresses and if it doesn’t check out, send it to the spam folder or put a big red warning at the top saying the email seems suspicious and might be a phishing attempt. This seems like a solvable problem in 2018.
     
  11. cansuds macrumors regular

    cansuds

    Joined:
    Jan 19, 2018
    #12
    5GB is not enough, Apple should also consider some users. Make surprises that will make the users happy. Google 20GB free, Apple 5GB free. You always have to pay for Apple.
     
  12. npmacuser5 macrumors 65816

    npmacuser5

    Joined:
    Apr 10, 2015
    #13
    The first step, verify the sender's address by clicking on it. Phishing emails will never have Apple.com at the end.
    Example: no_reply@email.apple.com good.
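
As an added illustration (not part of the thread, and not Apple's or any mail filter's actual logic), the checks posters describe above, comparing a link's visible text with its real target and checking the sender's domain, can be sketched in Python. The trusted-domain list, the function names and the sample messages are constructed assumptions, and because a From header can be forged, a passing sender check is a heuristic rather than proof of origin.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("apple.com",)  # assumption: the sender domain named in the thread
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def in_trusted(host):  # label-boundary match, so "notapple.com" fails
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def findings(raw):
    msg, out = message_from_string(raw, policy=policy.default), []
    display, addr = parseaddr(str(msg.get("From", "")))
    host = addr.rpartition("@")[2]
    # Sender check: mail that presents itself as Apple from another domain.
    if "apple" in (display + addr).lower() and not in_trusted(host):
        out.append(f"claims Apple but sender domain is {host}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    for href, text in parser.links:  # link text vs. real destination
        target = urlsplit(href).hostname
        if any(map(in_trusted, HOST_RE.findall(text))) and not in_trusted(target):
            out.append(f"link text shows an apple.com host but opens {target}")
    return out

# Constructed sample messages (not real mail); .example is a reserved TLD.
PHISH = ('From: "Apple Support" <no_reply@email.apple.com.billing-update.example>\n'
         'Content-Type: text/html\n\n'
         '<a href="http://billing-update.example/login">https://appleid.apple.com</a>')
CLEAN = ('From: Apple <no_reply@email.apple.com>\nContent-Type: text/html\n\n'
         '<a href="https://appleid.apple.com/">appleid.apple.com</a>')
```

`findings(PHISH)` returns one warning for the look-alike sender domain and one for the mismatched link; `findings(CLEAN)` returns an empty list.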
     
  13. AbblePC macrumors regular

    Joined:
    Aug 1, 2009
    #14








    —————————-> Omitted <——————————
    If you are unable to read the above paragraph and instead you see “omitted”, you may have a virus and should immediately proceed to the following page to change your password.

    FRIENDLY Link here :cool:
     
  14. Glockworkorange macrumors 65816

    Glockworkorange

    Joined:
    Feb 10, 2015
    Location:
    Chicago, Illinois
    #15
    What's a muppet? Like Jim Henson?
    --- Post Merged, Feb 28, 2018 ---
    What's the tell on this email that it's not real?
     
  15. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    Location:
    Scarsdale, NY
    #16
    These are actually good tips. I didn’t realize Apple emails have your mailing address on them.
     
  16. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #17

    Apple would catch more fish
     
  17. SPUY767 macrumors 68020

    SPUY767

    Joined:
    Jun 22, 2003
    Location:
    GA
    #18

    Oh, you pay for Google, just not with money. I'll gladly pay a little money not to have all of my data scraped to sell me ****.
     
  18. JosephAW macrumors 68000

    JosephAW

    Joined:
    May 14, 2012
  19. sparkso macrumors regular

    Joined:
    Dec 3, 2009
    #20
    I think the current App Store's "Today" section design is kind of phishing too.
    If you hold the phone with your right hand and scroll through the Today's stories with your right thumb, you can so easily touch the "GET" or "purchase" buttons by mistake, and when that happens some people's first reaction is to press the home button to quit the App Store app, but if you do that and if you are using Touch ID to approve purchases, the purchase gets approved.
     
  20. synergize macrumors member

    Joined:
    Jul 12, 2010
    #21
    Legs too!
     
  21. bflowers macrumors 6502a

    Joined:
    Jul 19, 2006
    #22
    I got one last month. Not the email I have associated with my Apple ID. Meant to call Apple about it, but got busy, and no similar charges on my accounts, so I let it go.
     


  22. tigres macrumors 68040

    tigres

    Joined:
    Aug 31, 2007
    Location:
    Land of the Free-Waiting for Term Limits
  23. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #24
    Lately I’ve been getting tons of phishing emails. I can just imagine how easy it is for someone to be fooled who doesn’t know what to look for or isn’t that savvy.

    Like Apple says, always do business direct through a device or go directly to a website. Never click links.
     
  24. fastasleep macrumors 6502

    fastasleep

    Joined:
    May 21, 2010
    Location:
    Seattle, WA
    #25
    That's not what phishing means.
    --- Post Merged, Feb 28, 2018 ---
    They often do. My spam filter (ASSP) correctly flags all the phishing emails I get as spam. When reviewing stuff in my spambox for false positives, I often take a second look at things that look like they came from Netflix or Apple, only to realize they were correctly flagged. But remember there are a ton of email providers out there with various types and qualities of spam filters.
     
