There is no shortage of scams trying to get us to hand over our login information, payment details, or other critical data. But recently, online bad actors seem to be refocusing their attention on Apple users.
First, it was the “iCloud storage is full” scam. Now there’s another one, designed to trick not just iCloud users, but anyone with an Apple account. It is known as the “Apple High Alert” scam. Here’s what you need to know about it and how to protect yourself.
What is the Apple High Alert scam?
Apple High Alert is the latest phishing scam targeting people with Apple accounts, including iCloud users and anyone with an iPhone or other Apple device.
The scam does not exploit any vulnerabilities in Apple services or devices. Instead, it relies on proven social engineering methods to trick users into handing over their valuable information to the scammer, so that the scammer can steal their financial information or hijack their Apple account or Apple device, such as an iPhone.
Ash Consumer Affairs As he points out, the messages often include phrases like “A security breach has been detected,” “Your iPhone has been compromised,” and “High Alert,” which is where the scam’s name comes from.
How does the Apple High Alert scam work?
According Consumer AffairsThe scam works like this:
A targeted user will receive a phone call, email, text message, or web browser pop-up claiming to be from Apple.
No matter the medium, the message is the same. It reports that your Apple account, or even your iPhone, has been compromised. The message claims to know this because suspicious activity was allegedly detected on your account.
This supposed suspicious activity, the scam claims, can put your iCloud data, such as your photos or emails, at risk of being deleted, or having your payment methods charged for purchases you didn’t make.
To apparently stop this, the target is instructed to hand over their sensitive information, such as their Apple ID login credentials or payment details, or to install software on their device to fix the problem.
In reality, the scammer will use the data you provide to hijack your Apple account, hijack your Apple device, or steal your payment information.
How do I know if I am the target of the Apple High Alert scam?
The Apple High Alert scam may look like a genuine message from Apple. Scammers often use official Apple logos in their messages and may even include links to websites that appear to be owned by Apple. And in cases where the scammer targets you via a phone call, it’s relatively easy for them to have your caller ID appear to confirm that the call is coming from Apple.
However, there are many clues or revelations that users can look for to determine if they are likely to receive a message from Apple. Things to look out for include:
- links that direct you to a website that has a primary domain name other than Apple.com
- email addresses that do not end in @apple.com, and
- bad grammar or even threatening or pessimistic messages.
All of the above are telltale signs that the message is not from Apple and is a scam.
The Apple High Alert scam, like most other phishing scams, is designed to create a sense of urgency so that you follow the instructions without thinking, instead of breathing and wondering if this message is real.
Scammers often create that urgency by claiming that if you don’t act immediately, your valuable photos will be deleted, your data will become inaccessible and unrecoverable, or you may be legally and financially responsible for massive purchases supposedly made through your Apple account.
What can I do to protect myself from the Apple High Alert scam?
What you can do immediately to protect yourself, should you receive one of these high alert scam messages from Apple, is to take a deep breath and avoid the impulse to act immediately.
Instead, ask yourself if the message fits. If the URL of any link doesn’t have www.apple.com as the primary domain, or the email address that sent the message doesn’t end in @apple.com, that’s a big red flag.
If the message sounds like a ticking clock and says you need to act immediately, that’s another big red flag. And if the message tells you to install an app on your device, download a profile on your iPhone, or hand over your Apple ID password or two-factor authentication code, that’s the biggest red flag there may be.
Apple has a comprehensive support document detailing common social engineering tactics and schemes. In it, Apple explicitly states that it will never ask a user for their Apple account password or verification codes.
If you are concerned that a message you receive may be a scam, do not reply to it or interact with it. Instead, go to a web browser and navigate to Apple’s online Apple Account sign-in portal, or access your Apple Account directly through the Settings app on your Mac, iPhone, or iPad. If there is indeed a problem with your Apple account, you will probably see a message there.
If you still have questions, you can contact Apple through the company’s official support channels. Never, ever use contact information provided in a message that you believe is a scam.