Apple ID expiry scam tricks users into handing over their passwords and bank details

The scammers warn users their Apple ID password has expired via text, and directs them to a suspicious website

Doug Bolton
Tuesday 19 April 2016 12:05 EDT
Comments
The Apple logo seen through a fence in San Francisco, California
The Apple logo seen through a fence in San Francisco, California (Justin Sullivan/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple users are receiving phishing messages designed to trick them into handing over their Apple ID passwords and other pieces of personal information.

People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires.

Victims are then directed to an unoffical but legitimate-looking website like AppleIDLogin.co.uk, where they are asked to input their username and password.

After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.

Of course, the site isn't genuine - it's all part of an elaborate phishing attack, designed to get users to hand over information which could be used by cybercriminals.

What is Apple's strategy?

Many security-savvy people wouldn't be taken in by such a scheme, but the scammers have taken some measures to appear as real as possible, by using the recipient's real name in the text message and making their name appear in targets' phones as 'AppleInc'.

A number of Apple users appear to have been hit with the scam messages recently
A number of Apple users appear to have been hit with the scam messages recently

There have been previous reports of this scam being carried out over email before, but it appears to have reared its head once again.

Apple's phishing support page advises users to "never send credit card information, account passwords, or extensive personal information" to someone, unless they've fully verified the senders are who they say they are.

By carefully reading suspicious emails or texts and thinking critically about the message's claims, it should be easy to avoid such scams.

It also pays to look closely at the address bar of a website - if it's a genuine Apple site, 'Apple Inc', sometimes alongside a padlock, will appear in green on one side, depending on which browser you use.

It also helps to look at the URL itself - official Apple websites, like AppleID.Apple.com usually contain the company's actual domain. If you see something like AppleExpired.co.uk or AppleIDLogin.co.uk, you know something's amiss.

As usual, the best defence against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you're still in doubt, contact the actual company directly, and they'll be able to verify whether there's any real problems or not.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in