Apple ID ‘Security Notice’ Phishing Scam

Outline:
A ‘Security Notice’ email purporting to be from Apple claims that your Apple ID has been locked because the company noticed an attempt to sign into your account from an ‘unrecognized device’. The email lists the date, time and location of the supposed access attempt.



Brief Analysis:
The email is not from Apple. It is a phishing scam designed to steal your Apple ID credentials and other personal and financial information. There are many versions of this scam message. If you receive one, do not click any links or open any attachments that it contains.

Example:
Subject: ӀD: 237176293

Security Notice

This is to inform you that your apple id has been locked for security reasons.
The reason we took this action is as follows:

On [specified date and time], we noticed an attempt to sign in to your account from an unrecognised device in United State.

To safeguard your information we require you to unlock your apple id by clicking the link below.

Unlock Apple ID↦

Please Note: Failure to unlock your Apple ID can lead to permenant suspension of services associated with this Apple ID [Email address}.





Detailed Analysis:
According to this ‘Security Notice’ email, which purports to be from Apple and includes the Apple logo, your Apple account has been locked for security reasons. The message claims that Apple noticed ‘an attempt to sign in to your account from an unrecognised device’ from a specified country on a specified date and time.

The email instructs you to click an ‘Unlock Apple ID’ link to safeguard your information and regain access to your account. It also warns that failing to unlock the ID can lead to permanent suspension of your Apple services.

However, the email is not from Apple and the claim that your Apple account has been locked is a lie. The email is a phishing scam designed to steal your Apple login details along with other sensitive personal and financial information.

If you click the ‘Unlock’ link, you will be taken to a fraudulent website that emulates a genuine Apple webpage and asked to log in with your Apple ID and password. After you have ‘logged in’ on the bogus site, you will be taken to a web form that asks you to supply your credit card details, your name and address, and other personally identifying information. At the end of the process, you may see a message stating that you have successfully unlocked your account.

Meanwhile, the criminals operating this phishing campaign can collect all of the information you submitted and use it to hijack your Apple account and commit credit card fraud and identity theft.

There have been a number of versions of the above scam. Details such as the date, time, and location of the supposed security breach may vary in different versions of the scam. Be wary of any email claiming to be from Apple that demands that you click a link or open an attached file to deal with a supposed account suspension or similar issue. Apple will not send you these types of emails. If you receive such an email, do not click any links or open any attachments that it contains. Always access your Apple account by entering the address into your browser’s address bar or via an official Apple app.

The Apple website includes more information about such phishing scams and how to report them.




Last updated: March 12, 2016
First published: March 12, 2016
By Brett M. Christensen