Scams like phishing and social engineering continue to increase, with some specifically targeting Apple users. With that in mind, Apple has shared a new support document with official guidance on how to protect your Apple ID and other online accounts, spot and report fraudulent emails and calls, and more.
We’ve recently seen several different scams targeting Apple users, the latest being an iCloud link “smishing” attack.
As it turns out, Apple has shared a new support document explaining how to protect your account, avoid phishing, social engineering, fraudulent calls, and more.
Besides being a valuable reminder for everyone, it’s a great resource to share with less tech-savvy family members and friends.
Apple’s tips for protecting your Apple ID and avoiding scams
Protect your Apple account
Here are Apple’s 8 tips to make your Apple ID as secure as possible:
- Never share personal data or security information such as passwords or security codes, or agree to enter them on a web page that someone directs you to.
- Protect your Apple ID. Use two-factor authentication, always keep your contact information safe and up to date, and never share your Apple ID password or verification codes with anyone. Apple never asks for this information to provide support.
- Never use Apple Gift Cards to make payments to other people.
- Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases. If you send or receive money with Apple Cash (US only), treat it like any other private transaction.
- Learn how to protect your Apple devices and data.
- Download software only from trusted sources.
- Do not follow links or open or save attachments in suspicious or unsolicited messages.
- Do not respond to suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through our official support channels.
Apple also has a dedicated support document for getting help with security if you have issues with passwords/purchases, lost or stolen products, personal security, etc.
How to handle suspicious emails, messages and calls
- If you receive a suspicious email that appears to be from Apple, please forward it to reportphishing@apple.com.
- If you receive a suspicious FaceTime call (for example, from a bank or financial institution), email a screenshot of the call information to reportfacetimefraud@apple.com. To find the call information, open FaceTime and tap the More Info “i” button next to the suspicious call.
- If you receive a suspicious link to a FaceTime call in Messages or Mail, email a screenshot of the link to reportfacetimefraud@apple.com. The screenshot should include the phone number or email address that sent the link.
- To report a suspicious text message that appears to be from Apple, take a screenshot of the message and email it to reportphishing@apple.com.
- To report spam that you receive in your iCloud.com, me.com, or mac.com inbox, mark it as spam or move it to your iCloud Junk folder. When you mark a message as spam, you help improve iCloud Mail filtering and reduce future spam.
- To report harassment, impersonation, or other types of abuse you receive in your iCloud.com, me.com, or mac.com inbox, send it to abuse@icloud.com.
- To report spam or other suspicious messages you receive through Messages, tap Report as spam below the message. You can also block unwanted messages and calls.
- Report fraudulent phone calls to the Federal Trade Commission (U.S. only) at reportfraud.ftc.gov or to your local law enforcement agency.
How to Spot Social Engineering, Phishing, and Other Scams
Social engineering attackers use impersonation and manipulation to gain your trust. Then, they trick you into handing over sensitive data or giving them access to your account information. They use a variety of tactics to impersonate a trusted company, entity, or person you know.
Look out for these signs to help you identify if you are the target of a social engineering attack:
- A scammer may call you from a phone number that appears to belong to Apple or another trusted company. This is called “spoofing.” If the call seems suspicious, consider hanging up and dialing the company’s official number yourself.
- Scammers often include personal information about you to try to build trust and appear legitimate. They may reference information you consider private, such as your home address, place of employment, or even your Social Security number.
- They will often express a desire to help you resolve an immediate issue. For example, they may claim that someone hacked your iPhone or iCloud account, or made unauthorized payments with Apple Pay. The scammer will claim that they want to help you stop the attacker or reverse the charges.
- The scammer usually creates a strong sense of urgency to not give you time to think and to discourage you from contacting Apple yourself, directly. For example, the scammer may say that you are free to call Apple back, but that the fraudulent activities will continue and you will be responsible. This is false and is intended to prevent you from hanging up.
- Scammers will eventually ask for your account information or security codes. They will usually redirect you to a fake website that looks like a real Apple login page and insist that you verify your identity. Apple will never ask you to sign in to a website, tap Accept on the two-factor authentication dialog, provide your password, device passcode, or two-factor authentication code, or enter any of them on a website.
- Sometimes, scammers will ask you to turn off security features like two-factor authentication or device theft protection. They’ll claim that this is necessary to help stop an attack or to allow you to regain control of your account. However, they’re trying to trick you into lowering your security so they can carry out their own attack. Apple will never ask you to turn off a security feature on your device or account.
How to Detect Fraudulent SMS and Emails
Scammers try to copy emails and text messages from legitimate companies to trick you into giving them your personal information and passwords. These signs can help you identify phishing emails:
- The sender’s email or phone number does not match the name of the company they claim to come from.
- The email or phone they used to contact you is different from the one you provided to this company.
- A link in a message looks correct, but the URL doesn’t match the company’s website.
- The message appears significantly different from other messages you have received from the company.
- The message asks for personal information, such as a credit card number or account password.
- The message is unsolicited and contains an attachment.
Downloading apps
Apple also warns about downloading software from untrusted sources, stressing that the safest way to install apps is through its official App Store or directly from a developer’s website.
Apple ID Password Reset Attack
One recent scam that Apple didn’t address in this support document is the Apple ID password reset attack that resurfaced this year.
We have a full explanation on how to handle this:
Have you witnessed more scams this year? Share your experience in the comments!