Scam?

Yes it is a scam. Never respond to a link provided in an email, because the sender will always be spoofed by a scammer to appear to come from someone else. That is exactly what a phishing message is. To verify any message sent to your email, simply go to that companies website directly without using a link in the website. For Apple, you can get that information here:

Sign in to your Apple Account - Apple Support

Also to learn more about phishing messages that you can expect to receive:

Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Apple Support

Fraudsters are getting very good at imitating Apple messages and sometimes the only indication in an email is very subtle. Have a look at this thread. Someone registered an Apple ID with my em… - Apple Community It can be very hard to tell from an email alone if it is authentic. The best way to check is to use an independent way through Apple's own resources to confirm what the communication claims. Scams (e-mail, text messages, and phone calls) are getting very good at closely imitating true Apple communications. Always be cautious. These support articles have some guidelines:

About identifying legitimate emails from the App Store and iTunes Store --> Identify legitimate emails from the App Store or iTunes Store - Apple Support

Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Apple Support

Avoid scams when you use Apple Cash --> Avoid scams when you use Apple Cash - Apple Support

About Gift Card Scams --> About Gift Card Scams - Official Apple Support

If you are uncertain about a message and a resource provided in that message, do not click on any links in the message. Try to use an Apple resource you know is valid to independently verify what the message is claiming. Go to a support article page on apple.com and use the instructions in the article to verify though Apple itself, or use an Apple device feature such as Settings or an Apple app. To ask Apple start at this web page: Official Apple Support

- Apple e-mails address you by your real name, not something like "Dear Customer", "Dear Client", or an e-mail address* However, having your actual name is not proof this isn’t phishing. Compromised databases may have your name and address in them.

- Apple e-mails originate from @apple.com or @itunes.com but it is possible to spoof a sender address. "Apple email related to your Apple ID account always comes from appleid@id.apple.com." - About your Apple Account email addresses - Apple Support

- Set your email to display Show Headers or Show Original to view Received From. Apple emails originate from IP addresses starting with "17.".

- Mouse-over links to see if they direct to real Apple web sites. Do not click on them as this just tells the spammer they have a working e-mail address in their database. If you are unsure, contact Apple using a link from the Apple.com web site, not one in an email.

- Phishing emails may include account suspension or similar threats in order to panic you into clicking on a link without thinking. They may report a fake purchase in order to infuriate you into rashly clicking on a false link to report a problem. March 2018 post by Niel There was a fraudulent order on my apple … - Apple Community - "Emails saying that your Apple ID has been locked or disabled are always phishing. If one actually gets disabled, its owner will be told when they try logging into it instead of through email."

- Apple will not ask for personal information in an e-mail and never for a social security number.

- Scams may have bad grammar or spelling mistakes. --That one says "temporary disabled" instead of "temporarily disabled".

- Apple will not phone you unless it is in response to a request from you to have them call you.

* Exception: I got email saying my ID is expired! Does… - Apple Community

Forward email attempts as an attachment (in MacOS Mail use the paperclip icon) to: reportphishing@apple.com then delete it.

If this is with regard to a supposed purchase, this Apple article --> If you see 'apple.com/bill' on your billing statement - Apple Support has relevant information and web links for checking if you really have made a purchase or paid for a subscription. Purchases made under Family Sharing might be charged to the organizer's card but will not appear under the organizer's purchase history or subscriptions. Ask family members about those or check your receipts. Apple will email a receipt to the Family Organizer if a purchase is made on a card held by the Family Organizer. This will have the Apple ID of the purchaser, which you should recognize, but won't have specific about what was purchased.

Read this link "If you think your Apple ID has been compromised" --> https://support.apple.com/HT204145

Also make sure you are using "Two-factor authentication for Apple ID" --> https://support.apple.com/HT204915

It's fake. Forward it to reportphishing@apple.com as an attachment and then delete it.

If an Apple ID actually gets locked or disabled, its owner will be told when they try logging into it instead of through email.

(255851)

Some more advanced checks…

If iPhone or iPad Safari is set to view links (rather than to preview the target webpages), then pressing and holding on the red-circled link (below) won’t be an Apple.com domain. Or whatever service the scammers are trying to phish.

In mail, press and hold to view the sending email address, too. The green-circled detail (the sending address) usually won’t be Apple. Or whoever the scammer is trying to phish. This is less reliable, as sending email addresses can be spoofed.

If not familiar with Safari settings, here is how to view a link (circled in blue):

If you see the “tap to show preview”, you’re viewing the link. Which is the mode you wnt here. And in this case, the link shown (in the blue circle) shows an Apple link.

If you see the following (preview mode, with “hide preview” shown circled in yellow), tap Hide Preview:

Safari remembers this setting, and I usually have it set to view links / hide previews. To set the link-view or webpage-preview setting mode using some benign link, such as the links used on most any webpage you normally visit, press and hold on one of the links embedded in the webpage. Best don’t test or switch viewing modes right on a spam or scam message, though.

There can be other clues, though those can sometimes be less reliable with all the data breaches happening.

There’s a very well-crafted AT&T phish email going ‘round, too. That phishing email is easily detected by the embedded links not going to AT&T.

All great info provided by Limnos. The things that stood out to me was the phrase:

• For your safety, your Apple ID has been temporary disabled.
• If you did not verify your account within 48 hour,



Even when scammers use AI and attempt to copy legitimate emails, they still stumble on proper English used in these emails.