
There’s no shortage of scams trying to get us to turn over our login information, payment details, or other critical data. But recently, bad actors online seem to be refocusing their attention on Apple users.
First, it was the “iCloud storage is full” scam. Now there’s another, designed to trick not just iCloud users, but anyone with an Apple account. It’s become known as the “Apple High Alert” scam. Here’s what you need to know about it—and how to protect yourself.
What is the Apple High Alert scam?
Apple High Alert is the latest phishing scam targeting people with Apple accounts, including iCloud users and anyone with an iPhone or other Apple device.
The scam does not take advantage of any vulnerabilities in Apple’s services or devices. Instead, it relies on tried and tested social engineering methods to trick users into giving their valuable information over to the scammer, so that the scammer can steal their financial information or hijack their Apple account or Apple device, like an iPhone.
As ConsumerAffairs notes, the messaging often includes phrases like “Security Breach Detected,” “Your iPhone Has Been Compromised,” and “High Alert,” which is where the scam’s name comes from.
How does the Apple High Alert scam work?
According to ConsumerAffairs, the scam works like this:
A targeted user will receive a phone call, email, text message, or web browser pop-up claiming to be from Apple.
No matter the medium, the message is the same. It relays that your Apple account, or even your iPhone, has been compromised. The message claims to know this because suspicious activity was supposedly detected on your account.
This supposed suspicious activity, the scam claims, may put your iCloud data, such as your photos or emails, at risk of being deleted, or your payment methods being charged for purchases you didn’t make.
To ostensibly stop this, the target is instructed to turn over their sensitive information, such as their Apple ID login credentials or payment details, or to install software on their device to fix the issue.
In reality, the scammer will use the data you turn over to either hijack your Apple account, hijack your Apple device, or steal your payment information.
How do I know if I am the target of the Apple High Alert scam?
The Apple High Alert scam can feel like a genuine message from Apple. Scammers often use Apple’s official logos in their messaging and may even include links to websites that appear to be owned by Apple. And in cases where the scammer targets you via a phone call, it is relatively simple for them to make their caller ID appear to confirm that the call is coming from Apple.
However, there are many tells, or giveaways, that users can look for to determine whether a message is likely from Apple. Things to keep an eye out for include:
- links that direct you to a website that has a primary domain name other than Apple.com
- email addresses that do not end in @apple.com, and
- poor grammar, or even threatening or doom-mongering messaging.
All of the above are telltale signs that the message is not from Apple and is a scam.
The Apple High Alert scam, like most other phishing scams, is designed to create a sense of urgency so that you will follow instructions without thinking, rather than taking a breath and asking yourself if this message is for real.
Scammers often create that urgency by claiming that if you don’t act immediately, your valuable photos will be deleted, your data will become inaccessible and unrecoverable, or you may be legally and financially liable for massive purchases supposedly made through your Apple account.
What can I do to protect myself from the Apple High Alert scam?
The immediate thing you can do to protect yourself, should you receive one of these Apple High Alert scam messages, is to take a deep breath and avoid the impulse to act right away.
Instead, ask yourself if the message adds up. If the URL of any link does not have apple.com as the primary domain (as in www.apple.com), or the email address that sent the message does not end in @apple.com, that’s a big red flag.
If the message feels like a ticking clock and says that you must act immediately, that’s another huge red flag. And if the message instructs you to install an app on your device, download a profile to your iPhone, or hand over your Apple ID password or two-factor authentication code, that’s about as big a red flag as there can be.
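The link and sender checks described above, written out as an added example (not part of the original article): it takes a message's From header and its links and reports which ones fail the apple.com test. The function names and the sample message are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # the primary domain the article says to look for


def link_is_apple(url: str) -> bool:
    """True only if the link's real host is apple.com or a subdomain of it."""
    try:
        # .hostname drops any "user@" prefix and lowercases the host.
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return False
    # Compare on a label boundary, so a host that merely contains or ends
    # with the letters "apple.com" does not pass.
    return host == TRUSTED or host.endswith("." + TRUSTED)


def sender_is_apple(from_header: str) -> bool:
    """True only if the address itself, not the display name, ends in @apple.com."""
    _display, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return bool(local and at) and domain.lower() == TRUSTED


def red_flags(from_header: str, links: list[str]) -> list[str]:
    """List every sender or link in the message that fails the checks."""
    flags = []
    if not sender_is_apple(from_header):
        flags.append("sender: " + from_header)
    flags += ["link: " + u for u in links if not link_is_apple(u)]
    return flags


# Constructed sample: the display name shows an Apple address,
# but the real sending address is on another domain.
SAMPLE_FROM = '"support@apple.com" <alerts@account-notice.example>'
SAMPLE_LINKS = [
    "https://support.apple.com/",                      # genuine subdomain
    "https://apple.com.account-verify.example/login",  # apple.com is only a prefix
    "https://www.apple.com@signin.example/reset",      # real host follows the "@"
]

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_FROM, SAMPLE_LINKS):
        print("RED FLAG", flag)
```

A message that passes both checks is not thereby genuine, since a From header can be forged much like the caller ID mentioned earlier; the checks are only useful for ruling messages out.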
Apple has an entire support document that details common social engineering schemes and tactics. In it, Apple explicitly states that it will never ask a user for their Apple Account password or their verification codes.
If you have any concern that a message you receive might be a scam, do not reply to it or interact with it. Instead, go to a web browser and navigate to Apple’s Apple Account login portal online—or access your Apple Account directly through the Settings app on your Mac, iPhone, or iPad. If there is indeed a problem with your Apple account, you’ll likely see a message there.
If you still have concerns, you can contact Apple through the company’s official support channels. Just never, ever, use the contact information provided in a message you think is a scam.
