If you’re an Apple customer or a Netflix customer, and chances are you are, take extra caution with emails you may be receiving. This Is Money released a story warning the public about emails and invoices that have been sent out in a phishing attempt to steal people’s bank details.
The fake Apple emails show up as fake iTunes or App Store receipts and they look just like an authentic receipt, so it’s easy enough to be fooled by them. These emails show invoices for movies or music purchased. Other emails confirm purchased Netflix subscriptions, issuing a warning that if you didn’t make the purchase, you should follow a link to cancel and refund the transaction. There are more. Other emails take a tone of concern, stating that someone has gained access to your Apple account and used it to subscribe to Netflix. These emails offer a link to manage your subscriptions. These links are where the trap lies. The link is set up to take you to yet another authentic-looking website, in which you are asked for account details and credit card info in order to issue the refund.
As you can see in the image here, these emails do look pretty authentic. You can see some larger examples of the fake emails from the This Is Money article here.
A telltale sign of a hoax is that Apple has issued statements that they will never ask you for sensitive account information (such as passwords or credit card info) through email.
In fact, here is what Apple specifically says they will never ask for in an email:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code
Keep in mind that while these attacks are targeted at Apple account holders and Netflix users, new threats like this pop up all the time.
To stay safe, remember that if you’re ever suspicious of an email AT ALL, you shouldn’t click on any links. Also, more importantly, never give out any sensitive information. Most companies will never ask for sensitive information over email.
When in doubt, it’s smart to go directly to the website of the company sending the email. For instance, if you received an email from Netflix asking you to manage your subscription, you should go to Netflix’s website directly from your browser (type in the address yourself) to check if there was unauthorized activity on your account.
You could also go to your bank’s website and check recent transactions for the payment method in question so you can verify if the charge actually happened. Our advice is to always skip over the email link.
Not clicking the email but want to check on your phishing identification skills? For a clue, inspect the email itself for the sender’s address. If it’s something like firstname.lastname@example.org, you’ll know that the email isn’t reputable—and the URL link in the email probably isn’t reputable either.
For more tips and advice, or if you have questions regarding your computer security, we are here to help.