Did you get an email threatening to delete photos and files stored on iCloud? Or that suspicious activity has been detected on your iCloud account?
If so, beware! It could well be a scam.
Most importantly, do not click on any links or attachments in the email and don’t respond.
These scams are especially common right now as Apple shutters its “My PhotoStream” service, sending users scrambling for alternatives. This article will cover iCloud phishing scams and how to spot them.
How iCloud phishing scams work
Phishing involves posing as a trusted authority—Apple, in this case—to trick victims into handing over private information or downloading malware.
Scammers send phony emails to thousands of recipients at once. Only a few have to fall for the ruse for the scammer to get a return on their investment.
iCloud-related phishing emails use false screen names and email addresses to impersonate Apple. In the phishing emails we reviewed, the senders were displayed as “CloudNotice” and “iCloud Storage”.
These emails normally state that your iCloud storage has run out, that your payment details are expired, or that unusual activity was detected on your account. In some cases, they might advertise some limited-time promotional discount on additional storage. These scams can also come in the form of text messages or phone calls.
No matter the ploy, scammers always try to instill a sense of urgency in victims. They create arbitrary deadlines, such as threatening to delete your files and photos or deactivate your account if you don’t take action soon. This is because a person who feels rushed to make a decision is less likely to make the right one.
The hyperlinks embedded in iCloud phishing emails can lead to a couple of things. The most likely is a phishing site. These are sites designed with mock login or checkout pages that look identical to Apple’s site. Victims are instructed to enter their password or payment details, which are then sent to the attacker, who in turn hijacks the account or steals the credit card info. Often these fraudulent sites redirect users to the real Apple website after they get what they want, so the user might not even be aware they just handed their info over to a cybercriminal.
The other possibility is that clicking a phishing link will download malware onto your device. That malware could steal sensitive information, encrypt your files for ransom, redirect you to malicious sites, mine cryptocurrency, or perform any number of other attacks.
Remember the most important rule: never click on links or attachments in unsolicited emails.
How to spot iCloud phishing emails
If you’re unsure whether the email is legitimate or not, here are a few tips:
- Check the sender’s domain. That’s whatever comes after the “@” symbol in an email address. Official emails from Apple will read either “@apple.com” or “@icloud.com”. Any other domain claiming to be from Apple is most likely a phishing scam. Be wary of subdomains (e.g. “@apple.scam.com”) and replacement of visually similar characters (e.g. “@appIe.com”).
- The same goes for links in the email. Without clicking a link, you can hover over it (desktop) or long-press it (mobile) to preview the link URL. Here you can inspect the domain, which is whatever comes before the first single slash (e.g. “http://www.comparitech.com/vpn/”). Make sure you trust the link and that there are no spelling errors or suspicious subdomains.
- If you feel rushed to make a decision, stop to consider that it could be a scam. Scammers always try to instill a sense of urgency in victims so they don’t have time to think things through.
- Instead of clicking the link, navigate to Apple’s website through some other means. Use a bookmark that you trust or even a Google search (but make sure not to click the ads at the top of search results).
- Just because a URL has “https” at the beginning doesn’t mean it’s safe. HTTPS is now used by more than half of phishing sites.
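The sender and link checks from the list above can be automated. The following Python sketch is an added example, not part of the original article: the function names, the small look-alike character map, and the decision to accept subdomains of the two official domains are assumptions of this example, and the sample inputs in the comments are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the article names as official. Accepting their subdomains
# (e.g. www.apple.com) is an assumption of this example.
TRUSTED = ("apple.com", "icloud.com")
BRANDS = ("apple", "icloud")

# Constructed, deliberately small map of visually similar characters.
_FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(text):
    """Lowercase and fold look-alike characters so 'appIe' equals 'apple'."""
    return text.lower().translate(_FOLD)


def sender_domain(from_header):
    """Domain after the '@' of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2]


def link_domain(url):
    """Host part of a URL; the scheme (http or https) plays no role."""
    return urlsplit(url).hostname or ""


def classify(domain):
    """Return 'trusted', 'lookalike', 'brand-in-other-domain', 'other' or 'unparseable'."""
    d = domain.lower().rstrip(".")
    if not d:
        return "unparseable"
    if any(d == t or d.endswith("." + t) for t in TRUSTED):
        return "trusted"
    skel = skeleton(d)
    # Same shape as an official domain after folding: e.g. appIe.com
    if any(skel == skeleton(t) or skel.endswith("." + skeleton(t)) for t in TRUSTED):
        return "lookalike"
    # Brand name used as a label of an unrelated domain: e.g. apple.scam.com
    if any(skeleton(b) in skel for b in BRANDS):
        return "brand-in-other-domain"
    return "other"


def check_message(from_header, urls):
    """Classify the sender and every link of one message."""
    return {
        "sender": classify(sender_domain(from_header)),
        "links": {u: classify(link_domain(u)) for u in urls},
    }
```

Anything other than `trusted` for the sender or a link is a reason to stop and reach Apple through a bookmark instead; a `trusted` sender alone proves little, since the visible From address can be forged.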
What do I do if I receive a scam iCloud email?
Do not respond, and do not click on any links or attachments in the email.
You can forward suspicious texts and emails to Apple at either firstname.lastname@example.org or email@example.com. Scam phone calls can be reported to the FTC if you’re in the USA.
If you don’t want to file a report, just mark the email as spam and delete it.
I fell for an iCloud scam. What now?
If you think you gave your iCloud password to a scammer, you need to change your Apple ID password immediately. If the scammer has locked you out of your account, you might need to take additional steps to verify your identity with Apple to prove you’re the real owner.
If you use the same password on any of your other accounts, those passwords should be changed as well to prevent credential stuffing attacks.
If you handed over payment information, such as a credit card, then you need to cancel and replace the card as soon as possible. Do not ignore small unauthorized charges—that’s how scammers test to see if a card is still valid.
How can I prevent iCloud phishing emails in the future?
Preventing phishing emails is mainly up to your spam filter. These filters sometimes take a while to catch up, because enough users have to flag an email as spam first.
There’s not much else you can do to stop iCloud phishing emails aside from drastic measures, like disallowing email outside of your organization or blocking all emails that contain the word “iCloud”.
Dealing with phishing is an unfortunate reality of having an email address. Be vigilant!