Watch Out for These Apple ID and iTunes Card Scams

Latest phishing tricks aim to steal your Apple ID: Internet Scambusters #737

If you use an iPhone, an iPad or a Mac, you’ll likely also have an Apple ID — an item of value that crooks want to get their hands on.

We’ll explain why, and the sneaky tricks they use to get hold of that information, in this week’s issue.

We also have a further warning about why you should never use an iTunes gift card to pay a bill — because it’s a scam.

Before we begin, you may want to spend a moment looking at this week’s most popular articles from our other sites:

Electrical Home Repairs — Hiring the Right Contractor: If you would like to make sure you’re getting the best deal and saving money when hiring an electrical contractor, here are some tips for you to follow.

Chocolate and Blood Pressure: There are so many things that are fixable with chocolate — and blood pressure is now on the list, according to this study.

Know Your Cancellation Rights: Our cancellation rights never cross our minds when we sign contracts so it’s a good idea to take a look at your rights of cancellation under American law.

Find Perfect Valentine’s Gifts This Year: V-day will be here before you know it so read on to find fantastic Valentine’s Day gifts that won’t leave anyone disappointed.

Now, here we go…


Watch Out for These Apple ID and iTunes Card Scams


Scammers are exploiting the popularity of Apple’s iTunes and App Store with some sneaky tricks that are outside the control of the company.

Apple has rigid processes in place to try to stop malware-infected apps finding their way onto the store, but they can’t do much about crooks using their name in an attempt to steal users’ account details.

When a user buys music or an app from Apple, they receive an invoice or statement as a record of their purchase.

The system itself is secure, since users have to pay, using their credit card, at the time of buying.

This gives the scammers an opening to send out an email that appears to come from Apple, claiming the recipient has been overcharged for a recent purchase.

There’s a link in the message, labeled “Cancel and Manage Subscriptions.” In some cases, there’s an “x” after the word “and” — that is “andx.”

The emails are sent out at random but because iTunes and the Apps store have such a wide user base, there’s a high chance it will drop into the inbox of genuine users who might be tempted to click the link.

If they do, they’ll be taken to a phony Apple page and asked to sign on, thereby giving away their valuable membership information.

In a variation of the trick, victims get a fake invoice for music they allegedly bought on iTunes, with a link to “Cancel This Purchase.”

If you get one of these messages, simply ignore it or visit itunes.apple.com and check your account there.

Note that neither the “Manage” or “Cancel” links actually appear in genuine Apple invoices.

iPhone Trick

Scammers have developed another nasty phishing trick, this time targeting iPhone users whose phone has been stolen.

If you have an iPhone, you’ll know there’s a program called Find My Phone that tracks down your device and sends a message about its location.

In the meanwhile, you can block access to the device rendering it useless to the thief — unless he successfully uses the following trick.

In a recent documented case, iPhone thieves also took other identifying information about the victim at the time of the theft.

That gave him his email address, so they sent him a message, again seemingly from Apple, saying the phone had been located and asking him to sign in to his iCloud account using a link in the email.

He was astute enough to realize this was a scam but if he had followed the link, he would have provided the thieves with all the details they needed to unblock his account and sell the phone.

“The scam was so professional with perfect English and mobile responsive web pages that I consider myself lucky not to have given away my password,” the victim wrote in a blog.

You can read the full story on his blog post: This is what Apple should tell you when you lose your iPhone.

Don’t Pay with Gift Cards

Finally, we want to remind readers about an increasingly widespread use of iTunes gift cards as a means of paying for various scam tricks.

These cards can be purchased at supermarkets, convenience stores, pharmacies and electronics stores allowing the user to exchange their value for iTunes and app store purchases.

Scammers have turned to these and other gift cards — Amazon for instance — in place of the old Green Dot and prepaid debit cards as a way of getting money or value that can’t be traced.

Typically, they pose as IRS officials or debt collectors demanding payment but the iTunes card scam has also been used by phony lenders who offer non-existent business loans in return for $500 worth of iTunes cards.

Victims are usually asked to buy the cards and then provide the scammer with the 16-digit PIN numbers on the back. The numbers are then sold or used for fraudulent purchases.

On its website, Apple points out:

“It’s important to know that iTunes Gift Cards can be used ONLY to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership. If you’re approached to use the cards for payment outside of the iTunes Store, App Store, iBooks Store, or Apple Music, you could very likely be the target of a scam and should immediately report it to your local police department as well as the FTC (Federal Trade Commission).”

Quite simply, you should never provide the numbers on the back of a card to someone you don’t know. Apple says the funds on the card will likely be quickly spent by a scammer before you even realize what has happened.

Be sure to check out Apple’s guidance on the use of gift cards. The FTC also provides guidance on iTunes and other gift card scams and other similar tricks here.

Alert of the Week

Just when you thought it was safe to go out without being nobbled by an electioneering politician, crooks are posing as officials trying to rebuild political party reserves. They want your money.

In the months after elections and the inauguration, local parties do often try to raise money to replenish the cash they spent during the campaign.

But if you want to donate, give your money directly to the local office of whomever you support and don’t give out credit card details over the phone in response to a donation request.

That’s all for today — we’ll see you next week.