Beware Phishing Scam that Looks Like Real Apple Email

| TMO Quick Tip

I received the best looking phishing email I've seen in a long time, if not ever, and wanted to make folks aware of it. While it looks like it could be from Apple, including legitimate links to Apple's Support site and online forums, the link to "My Apple ID" is to, not an Apple URL, and I don't recommend loading it in a browser.

It's a sophisticated attack in that the phishers used my full name in the To field, as shown in the image below. This wasn't a blind BCC blast; it was one email sent to me.

The copy is also fairly clean, a rarity in the vast majority of phishing schemes I've seen as they are often crafted by non-native English speakers/writers. In this one, several "i" letters use "ι" instead, and "Incase" was typed as one word, but I had to look closely to notice either issue.

Tips: Always check URLs before clicking or tapping them. When viewing an email in most versions of in OS X, hovering over a link will reveal the actual URL in a popup rectangle. This is true even when the link has been crafted to look like one URL when it really points to another. Also, when fiddling with your iTunes account, it's always best to do so within iTunes itself, and not by clicking an external link.

Help spread the word on this one. It's sure to catch unsuspecting victims.

Here's what the phishing email looks like:

Phishing email scam designed to look like it's from Apple

Phishing email scam designed to look like it's from Apple
(Click image for a larger version)

Teaser image on home page courtesy of Shutterstock.

Popular TMO Stories



I smelled a phish when I read this line; Incase you have recently changed your…’

When I saw “Incase”, which obviously is not an English word, I was immediately clued that Apple had not sent this message.


Also, always forward spam email to Apple. Select Forward as Attacment and send to


Thanks for this.

I’ve always clicked on the “from” name to reveal the actual source email address. In my experience, the phishing emails never have an address matches the company they claim to be from. 

Was that the case in this email?  (for instance, I’m assuming even though the alias says “Apple Support”, if you click on the email address you’ll get something like “” (a recent Rolex spammer).

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account