Representing such a large and diverse percentage of the market, Apple customers are common targets of phishing attempts. Whether they be innovative methods via iOS applications or traditional email phishing attempts, it’s important for customers to remain skeptical of communication asking for sensitive information.

A new wave of phishing attempts targeted at Apple customers comes in the form of subscription renewal email and has seemingly become so widespread, Apple has shared new tips on protecting yourself…

While this isn’t a new type of phishing attempt, it seems to have picked up quite a bit of momentum in recent weeks. Essentially, the email poses as an official message from the App Store containing information about a new subscription agreement.

The email seen here depicts a YouTube Red subscription with a 1-month free trial and subsequent $144.99 per month renewal rate. The goal of that outrageous monthly is seemingly to entice people to click the “Cancel Subscription” link.

Clicking that link takes you to a page where the hacker wants to know information such as your Apple ID login, credit card details, or other private information. The information requested varies by the hacker, but Apple itself would never ask for this information over email.

There are obvious red flags with this email, though it is a pretty convincing fake. In the screenshot below, the YouTube TV Subscription Confirmation email is legit, where as the YouTube Red one is a fake. As you can see, the differences are small and would likely fool the average user.

Of course, one preliminary way to tell if an email is legitimate is to look at the sender’s address. If it’s not from an Apple domain, it’s not a legitimate email. However, with email spoofing prevalent, don’t assume that just because there’s an Apple domain that it’s legit. Ultimately, if didn’t initiate whatever the email is referring to, you should reach out to Apple directly.

In response to this new wave of phishing attempts, Apple has published a new support document outlining the best practices for identifying legitimate emails from the App Store and iTunes Store. This webpage is a more extensive version of Apple’s general virus and phishing protection webpage, which can be found here.

On this site, Apple says:

You can read all of Apple’s tips on its website here. The company encourages users who have received a suspicious email to forward it to reportphishing@apple.com.

Genuine purchase receipts—from purchases in the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. You can also review your App Store, iTunes Store, iBooks Store, or Apple Music purchase history.

Emails about your App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide this information over email:

  • Social Security Number
  • Mother’s maiden name
  • Full credit card number
  • Credit card CCV code