The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
Apple ID expiry scam tricks users into handing over their passwords and bank details
The scammers warn users their Apple ID password has expired via text, and directs them to a suspicious website
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Apple users are receiving phishing messages designed to trick them into handing over their Apple ID passwords and other pieces of personal information.
People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires.
Victims are then directed to an unoffical but legitimate-looking website like AppleIDLogin.co.uk, where they are asked to input their username and password.
After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.
Of course, the site isn't genuine - it's all part of an elaborate phishing attack, designed to get users to hand over information which could be used by cybercriminals.
Many security-savvy people wouldn't be taken in by such a scheme, but the scammers have taken some measures to appear as real as possible, by using the recipient's real name in the text message and making their name appear in targets' phones as 'AppleInc'.
There have been previous reports of this scam being carried out over email before, but it appears to have reared its head once again.
Apple's phishing support page advises users to "never send credit card information, account passwords, or extensive personal information" to someone, unless they've fully verified the senders are who they say they are.
By carefully reading suspicious emails or texts and thinking critically about the message's claims, it should be easy to avoid such scams.
It also pays to look closely at the address bar of a website - if it's a genuine Apple site, 'Apple Inc', sometimes alongside a padlock, will appear in green on one side, depending on which browser you use.
It also helps to look at the URL itself - official Apple websites, like AppleID.Apple.com usually contain the company's actual domain. If you see something like AppleExpired.co.uk or AppleIDLogin.co.uk, you know something's amiss.
As usual, the best defence against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you're still in doubt, contact the actual company directly, and they'll be able to verify whether there's any real problems or not.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments