A few weeks ago, I received a random text, seemingly from Apple, that said my Apple ID had been compromised and there were new charges on my account. The text included a convenient link to log in and reset my password, which I promptly ignored.
Instead of following the link, I went directly to my Apple account, logged in and changed my password. After a quick scan for fraudulent charges or suspicious activity, I could tell my Apple ID hadn’t been compromised. Like many text messages I get these days, the whole thing was a scam.
TAX SOFTWARE DEALS OF THE WEEK
Deals are selected by the CNET Group commerce team, and may be unrelated to this article.
The Apple ID scam is just one of many smishing (text message) scams in which criminals pretend to be from trusted companies, banks or even the Internal Revenue Service, according to the Federal Communications Commission.
The goal is always the same: Get you to share sensitive information so they can steal your money, identity or both. Here’s how to spot the Apple ID smishing scam and steps to take if you’ve fallen victim.
What is the Apple ID scam?
The Apple ID scam can target anyone, regardless of whether you have an Apple account. Apple IDs are fairly prevalent, so scammers know the chances are good they’ll find someone with an account.
This particular scam has been around for years, but it has become more sophisticated and popular recently. It’s become so common that Apple advised customers to presume any unwanted correspondence from them is a scam.
The Apple ID scam can take various forms, including the scam text I received that said my account was compromised. Other smishing texts may tell you that your Apple ID has been disabled and to log in to verify your account. These fraudulent messages can also come via email.
In either scenario, the embedded link will take you to a fake Apple website that looks a lot like the real thing. Criminals hope you’ll log into your account so they can steal your login credentials. The scam website may even prompt you to enter additional personal and financial information, such as a credit card number. Links in a smishing text may also install malware on your device that steals login credentials for other accounts or spies on you.
Read more: This iPhone Feature Can Give Your Data an Extra Layer of Security
6 ways to protect yourself from the Apple ID scam
If you use an Apple device and have an Apple ID, a message from Apple saying there’s a problem with your account is never good news. But Apple doesn’t communicate via text about account issues, so this type of message is a scam.
Here’s how you can protect yourself:
- Look for the telltale signs of a scam. Some telltale signs of an Apple ID smishing scam (or any text message scam, really) include urgent messaging, typos, vague claims or threats to disable your account. If you receive a text that includes any of this language, assume it’s a scam.
- Never click on links in a text message. Never click on links you receive in an unsolicited text message from any person or company.
- Only log into your Apple account on its secure site. If you get a text that says there’s a problem with your account, don’t use the link. Instead, go to the company website and log in directly. This rule applies to your Apple ID account as well as bank accounts and any other online service you use.
- Set up multifactor authentication on your Apple account. Apple allows multifactor authentication, making it nearly impossible for criminals to log in to your account. If your device allows it, set up biometric authentication options like Face ID or Touch ID.
- Install antivirus software on your devices. The best antivirus software can protect against malicious links that install malware. McAfee Plus Premium is CNET’s best overall antivirus protection pick.
- Contact Apple customer service directly to verify potential issues. If you believe your Apple account has been compromised, go to Apple’s account support page instead of using a number you receive via text.
What to do if you’re a victim of the Apple ID scam
If you clicked on a text message link that was supposedly from Apple and you provided login information or other data, there are steps you can take to regain control of your account. Apple recommends the following:
- Change your password. If you accidentally gave scammers your Apple ID and login information, you should reset your Apple ID password immediately. Make sure you use a strong and unique password that’s different from your other accounts.
- Work with Apple to recover your account. Apple also offers a process for recovering your account after a criminal gets access or if you simply forgot your Apple ID and password.
- Update your personal information at account.apple.com. Once you have control of your account, verify that your information is correct. A criminal with access to your account may have tried to update your name, address, phone number or other details.
- Look for devices you don’t recognize. Check your Apple account for devices that aren’t yours and remove any you don’t recognize.
- Call your credit card issuer. If you entered your credit card information into a fake Apple website sent to you via text, call your credit card issuer to let them know. They will likely send you a new card, just in case.
- Watch your accounts closely. If you’re worried about fraudulent purchases showing up on credit cards associated with your Apple account, monitor your account activity closely and consider freezing your credit. If you spot charges on an account you don’t recognize, notify your card issuer immediately.
You can help stop scammers by reporting text scams to the Federal Trade Commission at ReportFraud.ftc.gov. You can also file a complaint about text scams to the FCC.
