There’s a New Apple ID Phishing Scam, But You Don’t Have to Fall For It

| News

There's a new phishing scam making the rounds that tries to trick victims into giving up their Apple ID, account password, and credit card information. The looks more legit than many others The Mac Observer has seen, but it's still fake, and fairly easy to spot.

The latest phishing scam trying to steal your Apple ID and credit cardThe latest phishing scam trying to steal your Apple ID and credit card

The threat, spotted by Comodo Antispam Labs, targets potential victims with an email claiming their account has been "limited." It goes on to say that providing personal information will fix the problem, and includes a link to a website that looks surprisingly legit. Once there, you're asked to enter your Apple ID, name, birthdate, address, social security number, and credit card information.

If you aren't paying close attention, the email sounds legit, and the website looks like something Apple would design. The easy tells for the scam, however, are in the email message.

The email message doesn't have the usual misspellings, random punctuation, or Yoda-like grammar. What it does have is a stilted feel that and an unprofessional tone that wraps up with an agressive push to get you to give up your Apple ID.

Two stand-out sentences all but scream, "I'm a scam email." Here's the first:

This is part of our security process and helps ensure that we continue to be a safer way to buy and sell.

The sentence makes it sound like Apple is eBay, and feels like an incomplete thought.

The second sentence reads:

The sooner you provide the information we need, the sooner we can resolve the situation

It feels like a desperate threat, and the even bigger tell is the missing period at the end of the sentence.

If you get an email telling you there's a problem with your Apple ID and you think there's a chance it's legit (hint: it probably isn't), don't click the links in the message. Instead, go to Apple's website where you can manage your Apple ID yourself. The URL Apple uses for managing Apple IDs is

If you think you've been tricked into giving up your Apple ID, go to the Apple ID management webpage and change your password. Also contact your bank in case the credit card linked to your Apple ID has been compromised.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

Phishing scams often use tactics like saying your account has been limited or locked in some way to trick you into giving up personal information. Always question messages making those claims. If they're legit, you're simply being cautious, and if they aren't you just saved yourself from accidentally giving away your personal information.

Popular TMO Stories


Mike Weasner

I keep hoping that Apple will figure out a way to control such phishing emails that claim to come to Apple and get delivered to Apple customer email accounts on iCloud/me/  Apple controls what gets delivered to those accounts.  It seems like it should be simple to filter out bogus emails from “Apple” and not even deliver them to iCloud/mac/me accounts.


Such a cat and mouse game

Lee Dronick

I keep hoping that Apple will figure out a way to control such phishing emails that claim to come to Apple and get delivered to Apple customer email accounts on iCloud/me/

They could do a better job of stopping frequent and similar spams. Also better spam filters and white lists.


Yesterday I got a note from “Apple” saying there was a problem with the credit card on my iCloud account. Sounded fishy, but they were clever about it. Rather than a “Click Here” which would have been obvious, they included instructions for how to verify it within iOS. Then there was a “Click Here” link for instructions on how to fix it on your Mac. I checked my account the normal way, by going into the Apple site myself, and everything was fine.

General Rule: If you get any sort of message like this that says there’s a problem with your account, from anyone not just Apple, never click on the link within the message. Always go in through a trusted path you’ve previously used.


Yup. I got the exact email shown in this article about two weeks ago. It went straight to the trash bin and was deleted. I never respond to messages, calls and emails asking me to click to fix something. I don’t respond generally to unsolicited communications.


Do everyone a favour and forward phishing emails that purport to be from Apple to before you delete them!


One giveaway is the “Dear Customer”. Apple doesn’t send anything out saying “Dear Customer”. I get emails containing my complete name and address, and I get emails addressed “Hi Gnasher” (well, with my real first name).

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account