Invoice Phishing Scam
Home ScamsPhishing Scams Fake Apple Invoice Emails Are Designed to Steal Your Personal Information

Fake Apple Invoice Emails Are Designed to Steal Your Personal Information

by Brett M. Christensen

Last updated: July 26, 2017

Scammers continue to target Apple customers via fake Apple Store invoice emails. The emails include the Apple logo and are designed to look like genuine Apple purchase notifications. But the purchases listed on these invoices are not real. 

In fact, the emails are phishing scams designed to steal your personal and financial information.

An example of the scam email:
Apple Cancel Invoice Scam

Emails Include Fake Cancel Payment Links

The fake invoice emails list an item that they claim you have recently purchased, along with the purchase price, invoice date, order number, and other made up details. They also include a “payment cancellation” statement such as this:

If you did not authorize this purchase, please visit iTunes Payment Cancellation

It is this link that is the primary hook in these phishing scam attacks. The scammers know that at least a few, less tech savvy, Apple customers will likely click the link in the hope of cancelling what they believe is a fraudulent transaction that has been made via their account.

Cancel Payment Links Open Fake Apple Website

If they do fall for the ruse and click the cancellation link, they will be taken to a fake Apple website that asks for their Apple ID and password. Once they have supplied their sign in credentials, a fake “cancellation form” will load in their browser.

Again, the page the form is on will include the Apple logo and appear to be a genuine Apple page. The form will ask for name, address, phone numbers, and other identifying information. It will also ask for credit card numbers, ostensibly so that the supposed payment can be reversed. At the end of the process, victims may be informed that the payment has been cancelled and their account has been secured.

Criminals Can Use Stolen Data For Fraud and Identity Theft

But, criminals can now collect the information that their victims supplied and use it to take control of the compromised Apple accounts.  They can use the hijacked account to make fraudulent purchases and send spam and scam messages.  And, they can use the stolen credit card details to commit further fraudulent transactions. They may also attempt to steal the identities of their victims if the have been able to gather enough of their personal and financial information.

Fake Invoice Emails a Common Criminal Ploy

Fake invoice phishing attacks like this are very common.  They continually target customers of many high profile companies and service providers around the world.  If you receive an invoice for an item or service that you have never purchased and have no knowledge of, do not click any links or open any attachments in the message.

Instead, log in by entering the address into your browser’s address bar or via an official app.  If the purchase described in the message is real, there will be details about it inside your account.

Report Apple Scam Messages

The Apple support website includes information about identifying and reporting scam emails.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,