How to secure your Apple ID and avoid fraud – 9to5Mac

Scams such as phishing and social engineering continue to grow, with some targeting Apple users specifically. With that in mind, Apple has shared a new support document with official advice on how to protect your Apple ID and other online accounts, how to spot and report fraudulent emails, calls, and more.

We’ve seen a few different scams targeting Apple users recently, the most recent being a “mock” iCloud link attack.

As it happens, Apple has shared a new support document on how to protect your account, avoid phishing, social engineering, scam calls and more.

In addition to being a valuable refresher for everyone, this is a great resource to share with less tech-savvy family and friends.

Apple’s advice on how to protect your Apple ID and avoid fraud

Protecting your Apple Account

Here are 8 Apple tips to make your Apple ID as secure as possible:

  • Never share personal or security information such as passwords or security codes, and never agree to enter them on a web page that someone directs you to.
  • Protect your Apple ID. Use two-factor authentication, always keep your contact information secure and up-to-date, and never share your Apple ID password or verification codes with anyone. Apple never asks for this information to provide support.
  • Never use Apple Gift Cards to make payments to other people.
  • Learn how to identify legitimate Apple emails for your App Store or iTunes Store purchases. If you’re sending or receiving money with Apple Cash (US only), treat it like any other private transaction.
  • Learn how to protect your Apple devices and data.
  • Only download software from sources you can trust.
  • Do not follow links or open or save attachments in suspicious or unwanted messages.
  • Do not answer suspicious phone calls or messages that claim to be from Apple. Instead, contact Apple directly through our official support channels.

Apple also has a dedicated support document for getting help with security if you encounter problems with passwords/purchases, lost or stolen products, personal safety, and more.

How to deal with suspicious emails, messages and calls

Apple Tips for Catching Scam Emails, Messages, Calls
  • If you receive a suspicious email that looks like it should be from Apple, please forward it to reportphishing@apple.com.
  • If you receive a suspicious FaceTime call (for example, from something that looks like a bank or financial institution), email a screenshot of the call information to reportfacetimefraud@apple.com. To find the call information, open FaceTime and tap the “More Info” “i” button next to the suspicious call.
  • If you receive a suspicious FaceTime call link in Messages or Mail, email a screenshot of the link to reportfacetimefraud@apple.com. The screenshot should include the phone number or email address that sent the link.
  • To report a suspicious SMS message that appears to be from Apple, take a screenshot of the message and email the screenshot to reportphishing@apple.com.
  • To report spam you receive in your iCloud.com, me.com, or mac.com mailbox, mark the message as spam or move it to your iCloud Spam folder. When you mark an email as spam, you help improve iCloud Mail filtering and reduce future spam.
  • To report harassment, impersonation, or other abuse you receive in your iCloud.com, me.com, or mac.com mailbox, send it to abuse@icloud.com.
  • To report spam or other suspicious messages you receive through Messages, tap Report spam below the message. You can also block unwanted messages and calls.
  • Report fraudulent phone calls to the Federal Trade Commission (US only) at reportfraud.ftc.gov or to your local law enforcement agency.

How to catch social engineering, phishing and other scams

Social engineering attackers use impersonation and manipulation to first gain your confidence and trust. They then trick you into handing over sensitive data or giving them access to your account information. They use a variety of tactics to impersonate a trusted company, legal entity, or someone you know.

Watch for these signs to help you identify if you’re being targeted as part of a social engineering attack:

  • A scammer may call you from what appears to be a legitimate Apple or other trusted company phone number. This is called “spoofing”. If the call looks suspicious, consider hanging up and dialing the company’s verified number yourself.
  • Scammers often mention personal information about you in an attempt to build trust and appear legitimate. This can include information you consider personal, such as your home address, place of work, or even your Social Security number.
  • They will often express a desire to help you solve an immediate problem. For example, they may claim that someone hacked into your iPhone or iCloud account or made unauthorized charges using Apple Pay. The scammer will claim they want to help you stop the attacker or get the charges dropped.
  • The scammer usually creates a strong sense of urgency to avoid giving you time to think and to dissuade you from contacting Apple directly. For example, the scammer may say that you are free to call Apple back, but the fraudulent activities will continue and you will be held responsible. This is false and designed to prevent you from hanging up.
  • Eventually, scammers will ask for your account information or security codes. Usually, they will send you to a fake website that looks like a real Apple login page and insist that you verify your identity. Apple will never ask you to sign in to any website or tap Accept in the two-factor authentication dialog box, or to provide or enter your password, device password, or two-factor authentication code on any website.
  • Sometimes scammers will ask you to disable security features like two-factor authentication or stolen device protection. They will claim that this is necessary to help stop an attack or to allow you to regain control of your account. However, they are trying to trick you into lowering your security so they can launch their own attack. Apple will never ask you to disable any security feature on your device or your account.

How to catch scam text messages and emails

Scammers try to copy emails and text messages from legitimate companies to trick you into giving them your personal information and passwords. These signs can help you identify phishing emails:

  • The sender’s email or phone number does not match the company name they claim to be from.
  • The email or phone they used to contact you is different than the one you gave this company.
  • A link in a message looks correct, but the URL does not match the company’s website.
  • The message looks significantly different from other messages you have received from the company.
  • The message requests personal information, such as a credit card number or account password.
  • The message is unsolicited and contains an attachment.
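
Several of these signs can be checked mechanically, for example in a mail filter or a triage script. The sketch below is an added example, not code from Apple or 9to5Mac: the `BRAND_DOMAINS` allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: domains the claimed brand really sends from.
BRAND_DOMAINS = {"Apple": {"apple.com", "icloud.com"}}

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Apple Support <billing@account-review.example>
To: user@example.org
Subject: Your Apple ID has been locked
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Confirm your account password within 24 hours:</p>
<a href="https://signin.account-review.example/verify">https://appleid.apple.com/verify</a>
"""

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signs(raw, brand="Apple"):
    """Return the warning signs from the list above that this message shows."""
    msg = message_from_string(raw)
    signs = []
    # Sign: display name claims the brand, but the address domain is not the brand's.
    name, addr = parseaddr(msg.get("From", ""))
    if brand.lower() in name.lower() and not in_domains(addr.rpartition("@")[2], BRAND_DOMAINS[brand]):
        signs.append("sender-mismatch")
    body = ""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            signs.append("attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # Sign: the link text shows one URL while the href points at another host.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = urlparse(text.strip()).hostname  # None unless the text is a full URL
        if shown and shown != urlparse(href).hostname:
            signs.append("link-mismatch")
    # Sign: the message asks for personal information or credentials.
    if re.search(r"password|verification code|credit card", body, re.I):
        signs.append("asks-for-secrets")
    return signs
```

The link check only fires when the visible link text is itself a full URL; link text such as "Sign in" still needs the href host compared against the brand's domains.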

Download applications

Apple also warns about downloading software, stressing that the safest way to install apps is through the official App Store or directly from the developer’s website.

Apple ID password reset attack

Apple users subject to sophisticated ID password reset phishing attack

One recent scam that Apple did not cover in this support document is the Apple ID password reset attack that resurfaced this year.

We have a full explanation of how to handle this:

Have you seen more scams this year? Share your experience in the comments!
