The Apple logo seen through a fence in San Francisco, California

Apple ID expiry scam tricks users into handing over their passwords and bank details

The scammers warn users via text that their Apple ID password has expired, and direct them to a suspicious website

Doug Bolton
Tuesday 19 April 2016 17:05

Apple users are receiving phishing messages designed to trick them into handing over their Apple ID passwords and other pieces of personal information.

People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires.

Victims are then directed to an unofficial but legitimate-looking website like AppleIDLogin.co.uk, where they are asked to input their username and password.

After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.

Of course, the site isn't genuine - it's all part of an elaborate phishing attack, designed to get users to hand over information which could be used by cybercriminals.


Many security-savvy people wouldn't be taken in by such a scheme, but the scammers have taken some measures to appear as real as possible, by using the recipient's real name in the text message and making their name appear in targets' phones as 'AppleInc'.

A number of Apple users appear to have been hit with the scam messages recently

There have been previous reports of this scam being carried out over email, but it appears to have reared its head once again.

Apple's phishing support page advises users to "never send credit card information, account passwords, or extensive personal information" to someone, unless they've fully verified the senders are who they say they are.

By carefully reading suspicious emails or texts and thinking critically about the message's claims, it should be easy to avoid such scams.

It also pays to look closely at the address bar of a website - if it's a genuine Apple site, 'Apple Inc', sometimes alongside a padlock, will appear in green on one side, depending on which browser you use.

It also helps to look at the URL itself - official Apple websites, like AppleID.Apple.com, usually contain the company's actual domain. If you see something like AppleExpired.co.uk or AppleIDLogin.co.uk, you know something's amiss.
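For readers who filter links in software (a mail gateway or helpdesk tool, say), the same URL check can be automated. The sketch below is an added example, not code from Apple or from this article; the function names are hypothetical, it assumes apple.com is the only trusted domain, and the sample URLs other than the three named above are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: apple.com is the only domain we trust.
TRUSTED_DOMAIN = "apple.com"

def hostname_of(url):
    """Return the lowercase hostname of a URL, or None if it has none."""
    if "://" not in url:
        url = "http://" + url  # accept bare input such as "AppleID.Apple.com"
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the hostname is the trusted domain or a subdomain of it."""
    host = hostname_of(url)
    if host is None:
        return False
    try:
        # Convert non-ASCII hostnames to their ASCII form before comparing,
        # so look-alike letters cannot pass as "apple".
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare whole labels from the right; a bare endswith("apple.com")
    # would wrongly accept "notapple.com".
    return host == trusted or host.endswith("." + trusted)

def naive_check(url):
    """The weak test the scam relies on: does the address mention Apple?"""
    return "apple" in url.lower()

SAMPLES = [
    "https://AppleID.Apple.com/",                   # named in the article
    "http://AppleIDLogin.co.uk/",                   # named in the article
    "http://AppleExpired.co.uk/",                   # named in the article
    "https://appleid.apple.com.example.net/login",  # constructed
    "https://appleid.apple.com@example.net/",       # constructed
    "https://notapple.com/",                        # constructed
    "https://\u0430pple.com/",                      # constructed, Cyrillic "a"
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{ascii(url):50} mentions Apple: {naive_check(url)!s:5} "
              f"trusted: {is_trusted(url)}")
```

Every sample except the last mentions Apple in ASCII letters, but only the first has a hostname that actually ends in the company's domain.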

As usual, the best defence against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you're still in doubt, contact the actual company directly, and they'll be able to verify whether there are any real problems or not.
