Email purporting to be from the Apple Store thanks you for your order of an iPhone and notes that you can click a cancel link if you did not make the order.
The email is not from Apple and it does not reference a real Apple Store order. Instead, it is a phishing scam designed to steal your Apple ID and password, your credit card details, and other personal information.
According to this email, which purports to be from the Apple Store, your order of an Apple iPhone 5c is about to be dispatched. The email does not contain your shipping and billing address but rather those of a person you do not know. It also includes a ‘cancel order’ link’ . The email features the Apple logo and is quite professionally presented.
However, the email is not from Apple. Instead, it is a phishing scam designed to steal your personal and financial information.
When you receive the email, you may mistakenly believe that the person named as the recipient of the iPhone has hijacked your Apple Account and made purchases in your name. Therefore, your first reaction might be to click the ‘cancel’ link in the hope of dealing with the issue.
If you do click the link, you will be taken to a fraudulent website designed to emulate the genuine Apple website. Once on the fake site, you will be asked to ‘login’ with your Apple ID and password. Next, you will be taken to a bogus ‘Cancel Order’ form that asks you to provide your credit card details and other personal and financial information.
After submitting the requested information, you may be told that you have successfully cancelled the order.
But, now, the criminals can steal the information that you supplied and use it to hijack your Apple account, commit credit card fraud in your name, and attempt to steal your identity.
Criminals regularly target Apple customers in similar scam attacks.
Be very cautious of any email about an order that you never made. Other versions may claim that you are required to verify or update account details to avoid an account suspension or fix some other account issue. If you receive one of these emails, do not click any links or open any attachments that it contains.
It is always safest to login to your Apple account by entering the address into your browser’s address bar or via a legitimate Apple app.
The Apple website includes information about identifying and reporting such phishing messages.
Last updated: August 5, 2016
First published: August 5, 2016
By Brett M. Christensen