Apple owners have noticed something very weird: they are becoming victims of a scam using Apple IDs. Once they give up the IDs, scammers can sometimes get access to their Apple account. Here’s how it works: People get a text that says their Apple ID is going to expire, and they are asked to click a link. When they do, the scam occurs because they unknowingly give up their ID and password to a scammer. It’s not rocket science, but it’s an easy and smart scam.
There are some ways to determine if a message is a scam. First, your Apple ID isn’t going to expire, ever. Apple will occasionally request you log into your account, they will occasionally lock your account, and they will occasionally make things difficult because well, they are Apple and they and you are a big target. As long as you are not responding to and clicking links in text messages or emails then you aren’t going into the scammers rabbit hole. Only engage in Apple ID requests on your Apple device in the settings menu or in your browser preferably on a laptop or desktop when logging directly into Apple’s website.
Beyond Apple ID scams, always look for anything weird like misspelled words or grammar that seems off. Messages that make promises that you will win something, or create a sense of urgency, like “you must do this now,” are also very sketchy. Honestly, any text that you get from a number that is not recognizable is probably a scam. If you think a text from a company might be legit, give the business a call.
This is a really tricky scam as it seems very real, and it is fairly simple for scammer to pull off.
As you can see from the above screen shots, it is not easy to choose which of the photos is the real Apple ID request and the fake one. Keep in mind that the fake one only comes up if you click a link in a text. However, that same pop-up to sign in will generally only come from activity in your settings menu iTunes iMessage FaceTime etc.
First, take a deep breath. Instead of blindly filling out your information every time you get a password request, and be sure of the source of that request. To do this, hit the home button, and then touch “Settings.” Look at iTunes, iMessage, and FaceTime. When you enter each of them, if your account needs authenticating, you will see a pop-up. This is a legitimate one.
Your Apple ID Doesn’t Expire and other Facts
News flash – as previously stated, your Apple ID will not expire. Even if you forget your password, your username, or you haven’t used it in years, your ID is active.
Another thing you should know is that if you use two-factor authentication, you should use it with your Apple ID. This prevents most phishing scams that use “authentication.”
You also might want to consider taking a screen shot of any scam message your get and report it to Apple by sending it to firstname.lastname@example.org. You can also use the “Report Junk” option if you get an iMessage from someone who is not a contact. This also sends the info directly to Apple. Mind you, I don’t do this. I don’t have the time. And there are millions of other people doing it.
If you get a scammy message from SMS (the green message) and or the iMessage (the blue message,) you can report those, too. Or just delete it and reported as junk so you don’t get it again. But, if you are inclined, you will have to do that via the FTC website. Major mobile phone providers including Verizon, T-Mobile, and AT&T also allow customers to forward messages to 7726.
As of today, this password scam is out there, and it’s easy enough for people to create others, so use caution…and don’t forget to set up Apples two-factor authentication and account to recovery details.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.