Beware of Apple ID is Locked Scam – Update

Print

One of the most popular article we published, and the one we get the most comments about has to do with an attempt to get your Apple ID and password.

We first published this warning in September 2017 and since then, many of our readers have reported still receiving an email stating that their Apple ID is locked.

Because this is still happening often, we thought it would be good to repost the original information and provide some important updates.

Here is one example of an email being circulated.

Apple ID Locked Scam Screenshot

At first glance, this looks pretty official and you might not see any reason not to follow the instructions, but a closer look reveals multiple items that tells you this is fake.

If you are not familiar with receiving notices from Apple you would not realize that they don’t use a black Apple logo in the center of the page.  The current layout uses a gray Apple in the upper right hand corner, like this.

Official Apple Support

We should note that some readers have reported that at least some of the newer emails now have a gray Apple logo although some are still in the middle of the page.

Also notice that the fake notice is signed “Apple Support Team” instead of the official signature “Apple Support.

Those differences in and of themselves would probably not give anything away but if you examine how poorly the fake notice is written, you might start to get suspicious.

Take a look at the first line of the fake notice which says, “Your Apple ID was sign in to iCloud With Other Devices site at:”  Aside from the strange use of capital letters, the phrase “was sign in” is an indication that the author does not use English as the first language.

A similar error is in the next sentence where it says, “Support team detect unauthorised person  accessed.  You would expect the sentence to begin with something like, “The” Support team or “Our” Support team.  At the very least, they should spell authorized properly.

The notice says, “If you do not update you account within 24 hours it will be temporarily limited.  Does anyone know what that even means?

Also see:  How To Take Screenshots on a Mac

Finally, the signature on the message is all-wrong.  An official Apple notification ends with a simple, Sincerely.  We have never seen anyone use the phrase, “Thank you for your comprehension.”

Finally, if you looked at the address that the email came from, you would see that it looked like this.

not-reply@noticesuportalertapplecustomerscare.fly.mail.net

There are several red flags in this email address that you should notice.

First and perhaps most obvious, there is nothing in the address that references apple.com

We know that a company like Apple has more email addresses than you could possible remember, but they all have one thing in common, they all end in apple.com.  Here is the address from the official Apple notice shown above.

AppleSupport@InsideApple.apple.com

Next, notice that the word “support” is missing a “p” in the address. But perhaps the biggest tip-off is the word “scare”, right in the address.

Even noticing a few of these issues should be a warning that something is not right.

But what if you miss all of that and click on the “UNLOCK NOW” button?  You are taken to a site that looks like this.

Fake Apple ID Page
Fake Apple ID Page

Whomever set this up took a great deal of time to copy the actual Apple ID Log-In page.  Here is the official Apple page.

Real AppleID Page
Real Apple ID Page

At first glance, these are identical, until you look at the URL. In Safari, where URLs get shortened by default, the address bar shows Apple Inc.  If you select the URL to see the entire address it looks like this.

https://appleid.apple.com/#!&page=signin

The fake page had this address.

Costomers-stesid.idmacunlocked.ga

Notice that Customers is spelled “Costomers”.  Another indication that whomever set up this page was probably not that familiar with the English language.

If you click on the address to see the full URL it shows this.

https://costomers-storesid.idmacunlocked.ga/Login.php?sslchannel=true&sessionid=B0LPbAlEdlObEjUGRxG6khTNjxoR93yL4jBgUXU7jIjX1eETMk06CTUWqiOAmmmrGXHAVBIek1cmfQf1

This is obviously not an official Apple page.

We can report that this fake url has since been taken down but you can be sure it has just moved to another address.

Also see:  Loss of Ethernet Due To Security Update

By now, we hope you would have seen enough to know this is a scam, designed to get your Apple ID and password. But even if you missed all of these signs, consider one more point.

The original email said your Apple ID had been locked.  The email took you to a site that was asking you to enter your Apple ID and current password.  If your account was truly locked, your current password would no longer work.  Of course, by the time you might have realized that, it would be too late and the scammers would already have your information.

So, what to do?

As a general rule, you should be suspicious of any email that asks you to provide your ID and password why you did not go to that site on your own.  Look for signs of improper English, unusual email addresses and URLs that don’t specifically reference apple.com.

And should you get an email that claims your account is locked, we suggest before you do anything, try logging in to your account from a site you go to on your own.  Since this is supposed to be your iCloud account, open a browser and go to www.icloud.com. Enter your ID and password.  If the site works, your know your account is still valid and the email is obviously a scam.

While this article addresses a specific scan regarding your Apple ID, the same rules apply to any email you get that reports your on line account is locked, broken or otherwise at risk.  We have seen similar emails for PayPal, Amazon and banking site.  We have even received emails about ID issues with companies and sites we never did business with.

The same rules apply.  Look at the email address, web site urls, check your site credentials on your own and check if it’s a site or business you even recognize. Finally, if you do fall prey to a scammer and you think they have gotten your ID and password for a site, you should immediately change your password for that site and any other sites that may use the same password or even similar password.

If you liked this article, please consider sharing it with your friends and leaving a comment below. Also, don’t forget to “Like” us on Facebook, “Follow Us” on Twitter and add the Apple Tech Talk channel to your Apple News app.

Apple Tech Talker

JOIN OUR NEWSLETTER
I agree to have my personal information transfered to MailChimp ( more information )
Subscribe to Apple Tech Talk and received a free Mac Keyboard Shortcuts Guide by email.
We hate spam. Your email address will not be sold or shared with anyone else.
Share this post.Facebooktwittermail

Leave a Comment