Apple just issued a warning as to how phishing emails are getting more realistic.
The company last week posted a new support document to its website detailing a few tips designed to help customers distinguish official emails from phishing attempts, the latter of which have become increasingly sophisticated in recent months.
The document, entitled “Identify legitimate emails from the App Store or iTunes Store,” explains how scammers have been using Apple’s name, logo, and other credentials to fool users into submitting their data.
The emails often feature similar formatting, language and graphics along with links as to what appear to be legitimate Apple websites, but the pages are merely fences designed to gather personal details like a home address or credit card information.
Per the document:
Many phishing emails come in the form of phony App Store, iTunes Store, iBook Store or Apple Music receipts. The goal is to fool a target into thinking they were erroneously billed. Victims are often instructed to correct the mistake by following a malicious link to update account information or provide the same to a fraudulent email address.
Apple has stated that genuine purchase receipts include a current billing address, information scammers are unlikely to have. If a user wants to check on a particular charge, they can review their purchase history by navigating to Settings > [your name] > iTunes & App Store on iOS or Account > View My Account in iTunes.
Apple also stated that it never asks for social security numbers, maiden names, full credit card numbers or credit card CCV codes in emails about App Store, iTunes Store, iBooks Store or Apple Music purchases. It also suggested primarily submitting payments through controlled avenues like the Settings app on iPhone or iTunes on a Mac or PC. Apple ID passwords can also be reset as needed through http://appleid.apple.com/ and informed users to report phishing attempts via [email protected].
For users who think they may have handed over sensitive data such as a password or credit card information to a phony website, Apple says the best course of action is to reset their Apple ID password.
So, be careful out there and stay tuned for additional details as they become available.
Via AppleInsider and Apple