There’s an email doing the rounds lately claiming to be from the iTunes store either demanding payment for fake invoices or asking you to update your account details.
Both of these emails are phishing scams and are not from Apple. Apple states: “The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.”
What the iTunes Store will never ask you to provide via email:
- Mother's maiden name
- Full credit card number
- Credit card CCV code
"Phishers" create elaborate websites that look similar to iTunes, but their sole purpose is to collect your account information. Often, a fake email will ask you to click on a link and visit one of these phishing websites to "update your account information."
Any information you submit on one of these sites can be collected by criminals and used to hijack your Apple account, as well as to commit credit card fraud. Your Apple ID gives access to all of Apple’s services, so once they have it, the criminals can steal information you have stored on iCloud, access and use your email account, and use iTunes and the App Store to make fraudulent purchases. They may also collect enough information about you to allow them to steal your identity.
To help prevent this from happening we recommend:
- Don't click on any emails from Apple or iTunes, especially if they are asking for information. Remember, Apple will NEVER ask you to provide personal or account information via email.
- Refrain from previewing and reading personal email sites whilst on corporate machines, especially on a terminal server
- Turn off preview mode in Outlook, and do not open any emails that are from an unexpected or unknown source. Delete them, especially if the subject is “Important Documents” or something similar. If you do manage to open one of these emails, do NOT click on any “Click Here” icons or Internet links in the body of the email.
Email scams like these can have a devastating effect on businesses if a staff member has their account compromised. Ransomware like CryptoLocker can hold all your data to ransom and demand payment. It's important for businesses to have up-to-date Disaster Recovery Plans for when these problems arise.