Scam Alert for Apple Users: Learn to Recognize Social Engineering Tactics

Recently, there has been an increase in social engineering fraud targeting Apple product users. The company has released a comprehensive guide on how to recognize and protect against these deceptive attempts.

Apple’s advice aligns with general recommendations for safeguarding against phishing and other fraudulent activities. The company emphasizes that users should never share personal information, such as passwords or security codes, and avoid entering such data on unknown websites to which they have been redirected by third parties.

Here are the main recommendations listed on the website:

• Never share personal data or security information like passwords or security codes, and never agree to enter them into a webpage that someone directs you to.

• Protect your Apple ID. Use two-factor authentication, always keep your contact information secure and up to date, and never share your Apple ID password or verification codes with anyone. Apple never asks for this information to provide support.

• Never use Apple Gift Cards to make payments to other people.

• Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases. If you send or receive money with Apple Cash (U.S. only), treat it like any other private transaction.

• Learn how to keep your Apple devices and data secure.

• Download software only from sources you can trust.

• Don’t follow links or open or save attachments in suspicious or unsolicited messages.

• Don’t answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through our official support channels.

What to do if you receive a suspicious message or call

Apple suggests several steps for reporting suspicious activities:

• If you receive a suspicious email that looks like it’s supposed to be from Apple, please forward it to reportphishing@apple.com.

• If you receive a suspicious FaceTime call (for example, from what looks like a bank or financial institution), email a screenshot of the call information to reportfacetimefraud@apple.com. To find the call information, open FaceTime and tap the More Info button next to the suspicious call.

• If you receive a suspicious link to a FaceTime call in Messages or Mail, email a screenshot of the link to reportfacetimefraud@apple.com. The screenshot should include the phone number or email address that sent the link.

• To report a suspicious SMS text message that looks like it’s supposed to be from Apple, take a screenshot of the message and email the screenshot to reportphishing@apple.com.

• To report spam that you receive in your iCloud.com, me.com, or mac.com Inbox, mark the spam emails as Junk or move them to your iCloud Junk folder. When you mark an email as junk, you help improve iCloud Mail filtering and reduce future spam.

• To report harassment, impersonation, or other types of abuse that you receive in your iCloud.com, me.com, or mac.com Inbox, send them to abuse@icloud.com.

• To report spam or other suspicious messages that you receive through Messages, tap Report Junk under the message. You can also block unwanted messages and calls.

• Report scam phone calls to the Federal Trade Commission (U.S. only) at reportfraud.ftc.gov or to your local law enforcement agency.

How to recognize fraud

Apple warns that social engineering scammers often impersonate trusted companies and organizations. They may call from fake numbers resembling official Apple numbers and use your personal information to gain trust.

Signs of fraudulent messages:

• The sender’s email or phone doesn’t match the name of the company that it claims to be from.

• The email or phone they used to contact you is different from the one that you gave that company.

• A link in a message looks right, but the URL doesn’t match the company’s website.²

• The message looks significantly different from other messages that you’ve received from the company.

• The message requests personal information, like a credit card number or account password.

• The message is unsolicited and contains an attachment.

Actions upon receiving a suspicious call or message

If you receive a suspicious call or message, Apple recommends not responding to it and not clicking on any links. Fraudulent messages should be ignored: close the tab or page and report the incident to Apple.

Following these recommendations will help Apple users protect their data and avoid fraudulent attacks.