Apple ID expiry scam tricks users into handing over their passwords and bank details

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Apple users are receiving phishing messages designed to trick them into handing over their Apple ID passwords and other pieces of personal information.

People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires.

Victims are then directed to an unoffical but legitimate-looking website like AppleIDLogin.co.uk, where they are asked to input their username and password.

After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.

Of course, the site isn't genuine - it's all part of an elaborate phishing attack, designed to get users to hand over information which could be used by cybercriminals.

Many security-savvy people wouldn't be taken in by such a scheme, but the scammers have taken some measures to appear as real as possible, by using the recipient's real name in the text message and making their name appear in targets' phones as 'AppleInc'.

There have been previous reports of this scam being carried out over email before, but it appears to have reared its head once again.

Apple's phishing support page advises users to "never send credit card information, account passwords, or extensive personal information" to someone, unless they've fully verified the senders are who they say they are.

By carefully reading suspicious emails or texts and thinking critically about the message's claims, it should be easy to avoid such scams.

It also pays to look closely at the address bar of a website - if it's a genuine Apple site, 'Apple Inc', sometimes alongside a padlock, will appear in green on one side, depending on which browser you use.

It also helps to look at the URL itself - official Apple websites, like AppleID.Apple.com usually contain the company's actual domain. If you see something like AppleExpired.co.uk or AppleIDLogin.co.uk, you know something's amiss.

As usual, the best defence against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you're still in doubt, contact the actual company directly, and they'll be able to verify whether there's any real problems or not.