Apple is warning customers about a new phishing scam that aims to steal their information by duping them into believing they signed up for a subscription agreement.
According to 9to5Mac, which obtained a copy of an e-mail, you'll receive a message about a "subscription confirmation." The e-mail has the same design and uses the same font as a legitimate Apple e-mail and appears to list all the information you'd see in a legitimate message. Since it's a subscription, it aims at highlighting a regular charge, prompting victims to want to stop Apple from charging them on a regular basis.
Of course, if you want to cancel your subscription, you'd click on the link in the e-mail that says "Cancel Subscription." However, when you do so, it takes you to a page that asks you to input your Apple ID details, credit card information, and other data. If you do, you'll be handing over your information to the hackers.
How to Protect Yourself
Apple published the following advice on its website to help you determine whether a given Apple-related email is legit.
"Genuine purchase receipts—from purchases in the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. You can also review your App Store, iTunes Store, iBooks Store, or Apple Music purchase history.
Emails about your App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide this information over email:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code"
Apple also said that affected users should contact the company at "firstname.lastname@example.org" to report phishing scams.
MORE: Meet Apple's New Weapon Against Phishing Attacks
Phishing Scams Getting Worse
Phishing scams are nothing new, but they're getting more sophisticated all of the time. They mimick a legitimate e-mail or message from a company and coax you into clicking on malicious links that would ultimately allow hackers to steal your information. And truth be told, the latest App Store subscription phishing e-mails are quite convincing.
However, if you take some time to review them, you might quickly find some problems that would tip you off to a scam.
For one, Apple typically lists your credit card and its last four digits in its confirmation e-mails. The phishing scam only says "By Card." The biggest tell is on the Cancel Subscription link. Whereas Apple's e-mail asks you to "review your subscription," the scam e-mail has a link that says "Cancel Subscription," followed a string of characters. One other tiny giveaway: the copyright icon is wrong.
Although it's unknown how widespread the latest phishing scam is, it's bad enough that Apple has issued a support document detailing what people should do to safeguard themselves from phishing scams.