Beware the App Store bait in the latest phishing scam that is currently making its way into inboxes. As reported by 9to5Mac and AppleInsider, this new scam appears to target users who may have visited the Apple App Store. This morning I received one of these fake emails, and for a second I thought it was authentic. However, after looking at a few of the telltale indicators I could see that it was in fact a fake.

Real vs Fake

Below are examples of the fake email, on the left, marked up in red, and of a genuine Apple email, on the right, marked up in green. The five signs that indicated the email was fake are annotated in red and explained in detail here:

  1. A random, unknown, non-Apple sender address. The genuine email is sent from Apple, not from "the App Store". The display name shown next to the address is trivially spoofable, so check the address itself and its domain, not the name.
  2. The mail client's generic avatar shows the initials "AS" for "App Store", which is wrong; a genuine message shows the "A" for Apple.
  3. The personalized greeting is missing because the sender does not know who the email is going to. They are likely sending to thousands of people at once, so they keep it as generic as possible.
  4. The method of payment is missing, a sure indicator of a fake: the sender has no idea what type of payment you used, so the line is omitted.
  5. The punctuation and language are poorly chosen and a clear indicator of a fake. Apple, like other companies that send similar emails, chooses its wording carefully and does not push customers toward cancelling a service or subscription; the genuine email asks you to review your subscription rather than cancel it. The fake's urgent "cancel" wording is the lure to get you to click.

Email screenshots by Steven Joniak. Sensitive information has been blurred for privacy protection.

Official Apple Acknowledgement

In response to the latest wave of phishing scams, Apple has created a dedicated support document warning customers and offering suggestions on how to recognize the telltale signs of fake emails. In the document they note what to watch out for:

If you receive an email about an App Store or iTunes Store purchase, and you’re not sure whether it is real, you can look for a couple of things that can help confirm that the message is from Apple.

Genuine purchase receipts—from purchases in the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. You can also review your App Store, iTunes Store, iBooks Store, or Apple Music purchase history.

Emails about your App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide this information over email:

  • Social Security Number
  • Mother’s maiden name
  • Full credit card number
  • Credit card CCV code

Protect Yourself

Late last year, Apple created this support page with tips to help users identify and respond to various threats and malicious schemes. Being vigilant about the authenticity of any pop-up message, phone call or email only takes a few moments: pause before acting.

Hovering over a sender address or link reveals the actual destination without clicking through; on a phone, touching and holding the link shows the same. As per Apple's suggestion, I forwarded my fake email to their suspicious email reporting service at reportphishing@apple.com.
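The five signs listed under "Real vs Fake", Apple's note that genuine receipts carry your billing address, and the "hover over the link" check above can all be applied mechanically to a saved message. The script below is an added example, not code from the original post or from Apple: it parses two constructed .eml samples (a fake modelled on the one described above, using the reserved .example domain and a TEST-NET IP, and a genuine-looking receipt) and reports each red flag it finds. The allowlist of Apple sending domains is an assumption for illustration, not an authoritative list.

```python
"""Heuristic triage of a suspected fake App Store receipt (added example)."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains Apple sends receipts from (illustration only).
APPLE_DOMAINS = {"apple.com", "email.apple.com", "itunes.com"}
GENERIC_GREETINGS = {"customer", "client", "user", "valued customer"}
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.IGNORECASE)

# Constructed sample resembling the fake email described in the post.
FAKE_EML = b"""From: App Store <billing@appstore-receipts.example>
To: victim@example.org
Subject: Your receipt from App Store
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your subscription to Premium Plan has been renewed for $49.99.</p>
<p>If you did not make this purchase, you must <a href="http://appstore-receipts.example/cancel">cancel
immediately</a> within 24 hours or you will be charged.</p>
<p>Review at <a href="http://198.51.100.7/login">https://apps.apple.com/account</a></p>
</body></html>
"""

# Constructed sample resembling a genuine receipt (sender address assumed).
GENUINE_EML = b"""From: Apple <no_reply@email.apple.com>
To: victim@example.org
Subject: Your receipt from Apple.
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Steven,</p>
<p>Payment Method: Visa .... 1234</p>
<p>Billing Address: 1 Example St, Springfield</p>
<p>Premium Plan (Monthly) $4.99</p>
<p>To review or manage your subscription, visit
<a href="https://apps.apple.com/account/subscriptions">your account</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def domain_is_apple(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def triage(raw: bytes) -> list:
    """Return the list of red flags found in the message (empty means none found)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []

    # Signs 1 and 2: check the address domain, not the spoofable display name.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if not domain_is_apple(domain):
        flags.append(f"sender domain {domain!r} is not an Apple domain")
    if name.strip().lower() == "app store":
        flags.append("display name 'App Store' instead of 'Apple'")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = " ".join(re.sub(r"<[^>]+>", " ", html).split())

    # Sign 3: missing or generic greeting.
    m = re.search(r"\bDear\s+([^,]+),", text)
    if not m or m.group(1).strip().lower() in GENERIC_GREETINGS:
        flags.append("no personalized greeting")
    # Sign 4 and Apple's billing-address hint: details only Apple would have.
    if not re.search(r"payment method", text, re.IGNORECASE):
        flags.append("payment method line missing")
    if not re.search(r"billing address", text, re.IGNORECASE):
        flags.append("billing address missing")
    # Sign 5: urgent "cancel" wording instead of an invitation to review.
    if re.search(r"\bcancel\b.*\b(immediately|within \d+ hours)\b", text, re.IGNORECASE):
        flags.append("urgent 'cancel' language")

    # Hover check: where each link really goes versus what it displays.
    lc = LinkCollector()
    lc.feed(html)
    for href, visible in lc.links:
        host = urlparse(href).hostname or ""
        if not domain_is_apple(host):
            flags.append(f"link to non-Apple host {host!r}")
        if URL_LIKE.match(visible):
            shown = urlparse(visible if "://" in visible else "http://" + visible).hostname
            if shown != host:
                flags.append(f"link text shows {shown!r} but points to {host!r}")
    return flags


if __name__ == "__main__":
    for label, sample in (("fake", FAKE_EML), ("genuine", GENUINE_EML)):
        print(label, triage(sample) or ["no red flags"])
```

Run it on a message saved as .eml from your mail client (`triage(open("msg.eml", "rb").read())`). The checks are deliberately simple string heuristics, so an empty result is not proof of legitimacy; it only means none of the signs from this post were present.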