User profile for user: BtheP
BtheP Author
User level: Level 1
8 points

Complex phishing email from FAKE Apple App Store Support

It advised me of a recent purchase on my account from a device not recognized. It included a receipt attachment that I obviously didn't recognize. When I clicked on the link to report it, it took me to what looked like the App Store and I signed in. The next window popped up asking me for all of my info including Social Security #. That's when I did a double take.

I also noticed that I had typed an old password in and the App Store let me right in. So I don't think my ID is compromised, but very dangerous scam. See image from email below:

Posted on Dec 11, 2019 9:50 AM

Reply
Question marked as Top-ranking reply
User profile for user: Eric Root
Eric Root
User level: Level 10
685,221 points

Posted on Dec 11, 2019 10:47 AM

Apple will always address you by your name or the name they have on file for you, not Dear Customer, Dear Client or by using your e-mail address.  The e-mail will be from @apple.com or @iTunes.com. E-mail addresses can be spoofed. You can go to Mail/View/Message/Show all Headers to see more. Apple e-mails will never contain an attachment. Apple will never request personal information by email such as Social Security numbers, your Mother’s maiden name or full credit card numbers .


The only exception to the above I have noticed is if you order something from the Apple Store (apple.com), your receipt will be addressed to Dear Apple Customer. That is a receipt for a purchase you initiated.


Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams


Identifying legitimate emails from the iTunes Store


Send the e-mail to Apple as an attachment to a new e-mail before deleting it. You can forward as an attachment by going to Mail/Message/Forward as attachment. Or control - click on the email and select Forward as attachment. Make sure you send it as an attachment to a new email. If you just forward it, it will probably be rejected. You won’t receive a response.


reportphishing@apple.com

View in context

Similar questions

3 replies
Question marked as Top-ranking reply
User profile for user: Eric Root
Eric Root
User level: Level 10
685,221 points

Dec 11, 2019 10:47 AM in response to BtheP

Apple will always address you by your name or the name they have on file for you, not Dear Customer, Dear Client or by using your e-mail address.  The e-mail will be from @apple.com or @iTunes.com. E-mail addresses can be spoofed. You can go to Mail/View/Message/Show all Headers to see more. Apple e-mails will never contain an attachment. Apple will never request personal information by email such as Social Security numbers, your Mother’s maiden name or full credit card numbers .


The only exception to the above I have noticed is if you order something from the Apple Store (apple.com), your receipt will be addressed to Dear Apple Customer. That is a receipt for a purchase you initiated.


Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams


Identifying legitimate emails from the iTunes Store


Send the e-mail to Apple as an attachment to a new e-mail before deleting it. You can forward as an attachment by going to Mail/Message/Forward as attachment. Or control - click on the email and select Forward as attachment. Make sure you send it as an attachment to a new email. If you just forward it, it will probably be rejected. You won’t receive a response.


reportphishing@apple.com

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Complex phishing email from FAKE Apple App Store Support

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up