You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: App_Store_Purchase_Spam
App_Store_Purchase_Spam Author
User level: Level 1
9 points

app store purchase spam

Dear Community,


I'm raising an alarming issue with leak of our Apple ID. Today I received an phishing email notifying that I have made an purchase in App Store. But I didn't do any purchase. When I checked my purchase history, It wasn't valid. The email I got hardly has any difference to the original email that we receive from Apple. There is an attachment(invoice) and has a link to cancel the subscription. Instead of clicking on the link, I directly called Apple and told them about this. Shockingly, they told its a spam. The thing that's surprising to me is that spammer knows my Apple ID.


I took measures and went on to see what the link shows. It redirects to Apple Store. If you've logged in, you're a gone case for sure. Since I was not, I created a dummy account and logged into that. Next the form asked for Personal Details and Credit card details along with "Bank Account number and Credit card limit". I'm attaching the screenshots.


The thing that surprises me is that spammer knows my apple ID. I browsed similar cases and shockingly there are hundred's of them.


This is very serious. How can spammer steal our Apple IDs.


[Image Edited by Moderator to Remove Personal Information]

iPhone 11 Pro

Posted on Jan 12, 2020 11:39 AM

Reply
Question marked as Top-ranking reply
User profile for user: stedman1
stedman1
Community+ 2024
User level: Level 10
260,632 points

Posted on Jan 12, 2020 11:45 AM

Your ID wasn’t “stolen”. It is a random email, simply delete it and move on.


  • Apple does not include document, or PDF files to download.
  • Apple would not refer to you as Dear Customer, Dear Client, or anything other than the name on file for your account.
  • Apple would not have such horrible spelling or grammar. 
  • Apple would not send a message to “Undisclosed Recipients”. 


It is a phishing attempt. Do not respond. Do not divulge any personal or financial information. You can use the address below to forward the suspect email message, as an attachment to Apple.


reportphishing@apple.com


The links below have information to help identify fraudulent emails.


Identifying legitimate emails from the iTunes Store

 

https://support.apple.com/en-us/HT204759

View in context

Similar questions

5 replies
Question marked as Top-ranking reply
User profile for user: stedman1
stedman1
Community+ 2024
User level: Level 10
260,632 points

Jan 12, 2020 11:45 AM in response to App_Store_Purchase_Spam

Your ID wasn’t “stolen”. It is a random email, simply delete it and move on.


  • Apple does not include document, or PDF files to download.
  • Apple would not refer to you as Dear Customer, Dear Client, or anything other than the name on file for your account.
  • Apple would not have such horrible spelling or grammar. 
  • Apple would not send a message to “Undisclosed Recipients”. 


It is a phishing attempt. Do not respond. Do not divulge any personal or financial information. You can use the address below to forward the suspect email message, as an attachment to Apple.


reportphishing@apple.com


The links below have information to help identify fraudulent emails.


Identifying legitimate emails from the iTunes Store

 

https://support.apple.com/en-us/HT204759

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
125,333 points

Jan 12, 2020 12:27 PM in response to App_Store_Purchase_Spam

App_Store_Purchase_Spam wrote:

Good work. Apple seriously needs to address this.


Short of blowing up the whole planet or other drastic measures, there’s no known means to that end.


Two-factor authentication is a means to reduce the damage, though. Do you have that enabled?


Our passwords for various services and those often including our chosen passwords are routinely found in web site and service breaches. In the sites and services that leak our data. Whether that might have been the US OMG breach, a breach of a business such as Equifax, or a Yahoo breach. All of which then serve as fodder for future cons and scams.


Different countries, legions of breached systems, jurisdictions that tolerate spam, we’re going to be getting spam for the foreseeable future.


It’s trivial to spoof email “from” addresses in email.


Want to see what breaches your data was in? https://haveibeenpwned.com/


Cons and scams go back millennia, and long predate the existence of computers. Some crooks are quick to adopt and adapt, though. This mess is not going away any time soon.

Reply

app store purchase spam

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up