'Your Apple ID Is Suspended' Phishing

Apple users are the focus of a new, sophisticated phishing scam aimed at stealing their login credentials. Cybercriminals are distributing convincing fake emails that mimic Apple Support, falsely notifying recipients that their Apple IDs have been suspended.

These messages cite security issues or outdated account details as the reason and urge users to click a link to verify their accounts. However, the provided link redirects to a fraudulent website designed to collect sensitive information.

The image below shows a fake email from a phishing campaign that scammers launched during the fall of 2024.

The content of the email looks very believable, as do almost all phishing messages these days. Attackers take great care to ensure that the text is accurate, error-free, and in graphical form, as if it were sent from an official company or organization address.

And the company email address is something that scammers can't always fake. Which means they have to come up with tricks to convince you that the email is real. For example, an email might come from apple-id-support.com, which only looks like it belongs to Apple. However, the official domain is apple.com

If you look at the sample below in detail, you will see that the email sender used the address @uaepass.ae, which is definitely not the address from which you would receive an email from Apple.

The “Apple ID Suspended” phishing scam is not entirely new. The first attempts to trick Apple users appeared back in 2018. A sample of the email from that time is below.

How the Scam Works

Let's review the important points of how the whole scam works:

1. Impersonation of Apple: Scammers send a fake email, text, or notification that appears to be from Apple, often using Apple’s logo and branding.

2. Urgent Tone: The message claims your Apple ID is "suspended" or "locked" due to suspicious activity or unverified information. Creates urgency with phrases like:

   • "Act Now"
   • "Verify Your Account"
   • "Your Account Will Be Disabled"

3. Request to Click a Link: A link is provided to "restore" or "verify" your account. Clicking redirects you to a fake website that mimics Apple's official login page.

4. Fake Login Page: Users are prompted to enter:

   • Apple ID credentials (email and password)
   • Possibly more sensitive data, such as credit card details or security questions.

5. Consequences: Attackers can:

   • Access your Apple account and make unauthorized purchases.
   • Steal personal data for identity theft or financial fraud.

Red Flags to Watch For

1. Suspicious Sender Email: Check for slight variations, such as @apple-id-support.com instead of @apple.com.

2. Unusual Links: Hover over links to check if they lead to non-Apple domains.

3. Unsolicited Requests for Personal Information: Apple will never ask for sensitive details like passwords or payment information via email or text.

How to Protect Yourself

• Verify Directly with Apple: Do not click any links. Instead, log in directly to your Apple account at https://appleid.apple.com .

• Enable Multi-Factor Authentication (2FA/MFA) : Add an extra layer of security to your Apple ID.

• Stay Educated: Learn about common phishing tactics to avoid becoming a victim.

Sources: cyberguy.com , discussions.apple.com