Email Phishing Scam
Home ScamsPhishing Scams ‘Apple Account Frozen’ Phishing Scam

‘Apple Account Frozen’ Phishing Scam

by Brett M. Christensen

Outline

Email claiming to be from Apple advises that the recipient’s Apple account has been frozen and will remain frozen until the recipient opens an attached file and validates account information.

Brief Analysis

The email is not from Apple. It is a criminal ruse designed to phish Apple account details and financial information from unsuspecting users.

Example

Subject: Urgent_Case

Dear Client,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

This will help protect you in the future. The process does not take more than 3 minutes.

To proceed to confirm your account information please follow the instructions that will be required.

Please downloaded the attachment and open it in your browser.

Yours sincerely,

Apple Account Frozen Scam Email

 

Detailed Analysis

According to this email, which purports to be from Apple, the user’s Apple account has been frozen temporarily in order to protect it. The message warns that, unless the user opens an attached file to validate account information, the account will remain frozen.

However, the user’s account has not been frozen. In fact, it’s not even cold.  In reality, the email is the work of criminals intent on robbing the user of his or her personal and financial data.

If our hapless user gets taken in by the trick and opens the attached file as instructed, a bogus Apple account login page will appear in his or her browser. Once “logged in” via the bogus page, the user will be taken to a second bogus form that asks for identifying information and credit card details.
After clicking “verify” on the second fake form, the user will be transported to the genuine Apple website and may remain blissfully unaware – at least for a little while – that his or her information is now in the hands of fraudsters.

Armed with the stolen data, the criminals can commit credit card fraud and identity theft.  They can also hijack the user’s real Apple account and use it for their own nefarious purposes.

Apple, or other legitimate companies, will never ask customers to provide personal and financial information via an unsecure HTML form contained in an email attachment. Scammers are more often using fake forms sent via email attachments rather than links to bogus websites in an apparent attempt to bypass browser phishing warnings.

Like other high-profile companies such as PayPal and Amazon, Apple is regularly targeted via phishing scams.

It is always best to access your online accounts by entering the account address into your browser’s address bar rather than by clicking a link. And NEVER enter usernames, passwords, or other sensitive data via a form contained in an attached file.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer