With over 2 billion Apple devices in use worldwide, it’s likely that hundreds of millions of people receive scary emails telling them they need to act fast as their Apple ID is in some sort of danger. Maybe the Apple ID was suspended, or perhaps you need to refresh your Apple Pay information because it’s supposedly not up to date.
These emails look similar to what Apple might send. They try to convince you to click a button to help you rectify the problem. That button will lead to a website that looks like Apple’s, but it’s not.
Whatever you do, don’t click the link, and do not fill in your information. Why? Well, your Apple ID was not suspended, and your Apple Pay cards still work. It’s not Apple contacting you; it’s hackers trying to steal access to your Apple Account.
I get these emails occasionally, and you probably do as well. They’ll even send scary Apple ID emails to email accounts that aren’t actually associated with my Apple Account. They have no way of knowing that, and that’s the first red flag you’re dealing with phishing attacks.
By the way, Apple ID is no longer called that. It’s an Apple Account, and that’s another hint that you’ve received a phishing email trying to get access to your login credentials.
How do hackers target you?
With so many data breaches occurring in the past years, hackers have obtained a treasure trove of information about hundreds of millions of people. All they need is a valid email address to start sending phishing attacks in bulk.
That explains why you’ll receive “Apple ID suspended” emails at email accounts not associated with your Apple Account.
The hackers hope a percentage of the unsuspecting victims will click the links in the emails where they’d fill in passwords and/or credit card numbers.
What do the hackers want?
Any phishing attack is looking for access first and foremost. You’ll be told to click a link that looks like something you’d get from Apple. From there, you might be prompted to log into your Apple ID on a website that looks like Apple’s, but it’s fraudulent. Just look at the URL you’re being directed to. It’ll have a strange address rather than something simple associated with Apple.com or iCloud.com.
The attackers might even try to obtain two-factor authentication (2FA) codes from you once you fill in your login details to bypass Apple’s security protections. Never accept that, either.
Once they obtain your login data and 2FA data, they might try to purchase products and gift cards or just snoop around. Maybe you hold passwords in your iCloud Notes, which would become accessible to them once they get in.
Or they might be after Apple Pay data so that they can use credit cards to buy things online, which they’ll then sell on the black market.
What you should do
First of all, do not panic. Rather than acting in a rush, just inspect the email carefully. Email services usually catch some of these, sending them directly to the spam folder. But others make it to your inbox.
The first thing you should do is look at the sender’s email address and compare it to emails you receive regularly from Apple. If your Apple ID is associated with the same email account, you can easily compare them.
Hackers might spoof their emails to make them look like they’re coming from Apple. Just hover over the “From” field to see what it says without clicking. Do the same for links and buttons in the phishing email. They might say, “Go to Apple ID” or “Update Account,” but these are not official.
Next, look at the text in the email. It often includes inconsistencies. Hackers might try to make it look like the real thing, using Apple logos and similar colors. The email might also include purported case IDs and, if the hackers obtained it from the data breach your email address came from, your name.
However, the text will often contain grammar and punctuation mistakes. It’ll be easy to spot them.
After all of that, just go about your day. Send that scary email to the spam folder, and forget about it.
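The sender and link checks described above can also be done mechanically. The following Python sketch is an added example, not something from Apple or the original article: it parses a constructed sample message and flags any sender domain or link host that is not apple.com, icloud.com, or a true subdomain of one of them. The sample message and its example.net hostnames are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as legitimate (extending the list is an assumption).
TRUSTED = ("apple.com", "icloud.com")

def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def inspect_email(raw):
    """Return findings for the sender address and every link target."""
    msg = message_from_string(raw)
    findings = []
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted_host(sender_domain):
        findings.append(f"sender domain not Apple: {sender_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = urlsplit(href).hostname  # what the button really points to
        if not is_trusted_host(host):
            findings.append(f"link host not Apple: {host}")
    return findings

# Constructed sample; the example.net hostnames are placeholders.
SAMPLE = """From: "Apple Support" <no-reply@apple.com.billing-check.example.net>
Subject: Your Apple ID has been suspended
Content-Type: text/html

<p>Dear customer, you have 24 hours.</p>
<a href="https://appleid.apple.com.verify.example.net/login">Go to Apple ID</a>
<a href="https://support.apple.com/">Help</a>
"""

if __name__ == "__main__":
    print("\n".join(inspect_email(SAMPLE)))
```

Note that the check compares the end of the hostname, so an address that merely begins with "apple.com" is still flagged. A clean result on the sender does not prove the message is genuine, since the “From” field can be spoofed.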
What if…
I know what you’re thinking: maybe the email is from Apple after all.
In that case, continue to do nothing the sender tells you to do. Instead, inspect your Apple ID on your iPhone, Mac, or iPad and ensure it’s working properly. Go outside and use Apple Pay to make sure you can make payments.
You’ll notice that your Apple ID has not been suspended, and Apple Pay still works.
The email you’ve just received will often contain a deadline to pressure you into action. You have 24 or 48 hours to save your account. Wait it out. The hackers might reach out again or not. Your Apple ID will continue to work properly.
You should also contact Apple directly and ask for guidance. Apple actually has a detailed support document that explains some of the scams associated with Apple products, including Apple Accounts.
Finally, if these emails are increasingly frequent, you should change your Apple ID email address to a freshly minted email address. Then, use that email address only for your Apple account and nothing else.
While we’re at it, change your Apple ID passwords from time to time. Use password managers to create unique, strong passwords for each online service you might use.
Mind you, some hackers might also call you pretending to be Apple support staff. They’re looking to extract the same information. Whatever you do, don’t provide it. Hang up, and call Apple yourself. If you’re lucky, some scammers will talk to a Grandma AI instead of you, which will keep them on the line so they can’t target real people.
Apple will never ask you to provide critical account information over the phone or email. Here’s what Apple says in the support document above:
Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website.
Rinse and repeat every time you receive a scary email telling you your Apple ID has been suspended.
Mind you, the same scam can apply to all sorts of online accounts. But hackers will target Apple users first. Treat those emails with the same circumspection and do nothing to fix the problem they instruct you to fix.
After the initial shock of receiving such an email, you’ll soon get used to recognizing phishing attacks that warn you that your internet account has just been suspended, because you’ll continue to get these emails time and again.