You can never be too careful when visiting unfamiliar websites or opening emails from sources you don’t recognize, but on occasion, it’s hard to tell what’s real and what’s fake. For example, in recent weeks, a convincing new phishing scam has been appearing in the inboxes of App Store users, and while it isn’t particularly innovative, it has apparently become enough of a problem that Apple felt the need to warn its customers on its website.
9to5Mac shared a copy of one of the phishing emails on Tuesday, which appears as a subscription confirmation for a service that the user didn’t actually sign up for. In the email, the user is alerted that they have signed up for a 30-day free trial of YouTube Red, and that they will be charged $144.99/month once the trial period ends.
The point of the scam is to have the user click on the link to cancel the subscription (which they never actually signed up for in the first place). Once they click through, they are asked for a range of sensitive information, from Apple ID to credit card details. Most of us would catch on at this point, but the email is admittedly fairly convincing.
In response to this phishing attempt, Apple has published a page on its site explaining how to identify a legitimate App Store or iTunes Store email from a fake. Here’s what you need to look out for when you see an email from Apple:
If you receive an email about an App Store or iTunes Store purchase, and you’re not sure whether it is real, you can look for a couple of things that can help confirm that the message is from Apple.
Genuine purchase receipts—from purchases in the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. You can also review your App Store, iTunes Store, iBooks Store, or Apple Music purchase history.
Emails about your App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide this information over email:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code
If you’re concerned about an email or a message and can’t decide if it’s real, just contact Apple. Customer service will be able to pull up your account and make sure that you aren’t making any unexpected payments.