Update, Nov. 26, 2024: This story, originally published Nov. 25 now includes information about a second Apple ID phishing scam iPhone users should be mindful of.
With Black Friday almost upon us, no wonder the scammers are out in force. While it may be a well-used phishing tactic, the cybercriminals behind the latest attack targeting all users of Apple devices have honed their craft into a highly believable and demanding of action warning: your Apple ID is suspended.
Your Apple ID Is Suspended Scam Explained
With more than 2 billion active users of Apple devices, be that an iPhone, iPod, MacBook or anything else that requires the use of an Apple ID, it’s not really surprising that this technological demographic is a prime target for cybercriminals—especially given the broader picture of them being an affluent group given the costs of being within the Apple ecosystem. We’ve already seen scams sent to iPhone users claiming that their iCloud storage capacity is nearly full and, of course, offering an upgrade to anyone foolish enough to click the take action button. Now it’s a similar, but more urgent, threat that is being used as people want to flex their spending power during the Black Friday sales.
Increasingly composed by AI-driven implementations of criminal large language models, these fake emails are often extremely close to the real thing in appearance and tone if not intent. Like other AI-powered support scams, these highly-convincing frauds are designed with one thing in mind: getting the recipient to click on an action button that takes them somewhere that can steal their account credentials. Be warned that the hook will be just as convincing as the bait in most cases, sometimes complete with 2FA-bypass methodologies built into the attack.
In order to leverage as much fear as possible, the email will likely claim that Apple has noticed suspicious activity on your account, or that it has been outright hacked and so requires further action from yourself to protect it.
“Phishing scams like the Apple ID Suspended scheme are becoming increasingly prolific and under immediate urgency,” Jake Moore, a former digital crimes law enforcement officer and now global cybersecurity advisor at ESET, said, “many people are still manipulated by the clever tactics used by criminal hackers.”
Apple Offers Scam Protection Advice For All Users
“If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money,” Apple said, “it’s safer to presume that it’s a scam.”
Apple gives the following advice for users to identify a phishing attack:
- Scammers often mention personal information about you in an attempt to build trust and seem legitimate.
- Scammers will often convey a desire to help you resolve an immediate problem.
- Scammers usually creates a strong sense of urgency to avoid giving you time to think and to dissuade you from contacting Apple yourself, directly.
- Scammers will request your account information or security codes.
“Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website,” Apple said.
“It is important to verify the sender’s email address for any discrepancies and avoid clicking on suspicious links as this is where scams often begin,” Moore concluded, “if you are ever in doubt of an Apple ID issue, go directly to the official Apple website to double check.”
Your Apple iCloud Account Requires Immediate Attention
As I mentioned earlier, there are other phishing scams that specifically target Apple users, and one of these is known as the iCloud upgrade scam. This has been seen distributed by email and also using SMS text messages. The latter, if my inbox is anything to go by, has seen a return to favor among fraudsters of late. This is what Apple users need to look out for.
In many ways, this campaign is very similar to the Apple ID is suspended scam in that it instills a sense of urgency in the victim regarding a core Apple service. In this case, it’s your iCloud account, and the messages will either tell you there is a problem that needs to be addressed immediately or inform the recipient that their iCloud storage allocation is almost full and they can “click here” for a free upgrade.
As before, the messages will appear to come from Apple and appear to direct you to a genuine Apple site, but appearances can be deceptive, and most certainly are in this case. The site will be cloned, often protected by a CAPTCHA or similar system, and you will be required to confirm your login credentials before you can claim your “free” storage allocation or even find out what urgent matter requires your attention.
Also, as before, the target for the attacker is control of your Apple ID, which leads them to valuable data and, of particular import, as we fast approach the Black Friday to Cyber Monday long retail weekend, authorize purchases.
All the previous precautionary mitigations apply to this Apple scam as they do any other. Regarding the use of two-factor authentication, as already recommended, I would go one step further and suggest you consider changing your login methodology to that of an Apple Passkey if you are using the latest version of iOS. Whatever, please be careful out there.