This Apple gift card scam tries to steal your Apple ID password — what you need to know

A woman using an iPhone with a MacBook open next to her.
(Image credit: Farknot Architect/Shutterstock)

Apple does things a bit differently for its Black Friday and Cyber Monday sales, giving customers gift cards instead of slashing prices on its products. While this makes sense for the company — these gift cards will be used in its stores or online — it's an approach that inadvertently opens its customers up to gift card scams. And those scams are starting to appear.

According to a new blog post (opens in new tab) from the email security company Armorblox, many Apple users recently saw their inboxes flooded with emails that claimed to come from the iPhone maker. While these emails appeared to be legitimate at first glance, they were actually phishing emails used to steal the Apple passwords of unsuspecting users.

Instead of offering new gift cards or Apple products, the cybercriminals behind this scam use Apple’s decision to give out gift cards to holiday shoppers as the lure. These emails have the subject line “We’ve suspended your access to apple [sic] services” and explain that a user’s Apple account has been suspended after the company “recently failed to validate your card information.”

This is quite clever as many Apple users likely bought new products on Black Friday and Cyber Monday, and some of them may have even used their new gift cards to purchase additional products or even gifts for others. Spending a lot of money on Apple’s website or in one of its stores and then finding out you may lose access to Facetime and iCloud is more than enough to create a sense of urgency and trick potential victims into clicking the “login now” button at the bottom of these phishing emails.

Impersonating Apple 

A screenshot of a phishing email impersonating Apple

(Image credit: Armorblox)

Upon closer examination, it’s easy to tell that these emails are fake as the sender’s name is “A P P L E” with a space between each of the letters. Still though, the email did come from a seemingly legitimate iCloud email address (servinc@icloud.com).

If a recipient of one of these phishing emails clicks on the malicious link at the bottom, they are taken to a fake security check page which displays a Captcha code they have to input to proceed. Victims who do this are then taken to another fake page that mimics Apple’s login page.

Instead of verifying one’s Apple account details, this page steals their credentials. With a victim’s username and password in hand, the cybercriminals behind this phishing campaign are then able to take over their Apple account.

What makes this phishing campaign particularly dangerous is the fact that it was able to bypass the email security settings built into Microsoft Outlook and reach the inboxes of 10,000 users, according to Armorblox.

How to stay safe from phishing emails

Although phishing emails are a threat you need to watch out for all year long, they often see a big uptick during the holidays. With people buying more items online, they often get receipts, delivery notifications and other emails from companies. Cybercriminals work hard to make their fake emails appear like they are actually coming from legitimate companies by stealing their logos and copying the language used in official emails.

In order to stay safe from phishing emails, you need to carefully scrutinize any message that arrives in your inbox before you click on any of the links or download any attachments it may contain. You should look for poor grammar and spelling mistakes as these are both a big red flag. Likewise, you should inspect the sender’s email address in the email itself and use a search engine to see what email addresses companies actually use when contacting customers. As a general rule of thumb, you should never download or open any attachments from unknown senders.

Installing one of the best Mac antivirus software solutions can help protect you from malicious attachments and malware but unfortunately, these programs don’t always protect against phishing. If you do happen to click on a phishing email and accidentally give up your credentials, one of the best identity theft protection services can help you recover your identity and deal with any fraud that may have occurred.

When it comes to spotting phishing emails, though, looking for language that tries to elicit an emotional response is probably your best bet. Cybercriminals want you to get upset so that you’re more likely to fall for their scams.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.