Apple last week posted a new support document to its website detailing a few tips designed to help customers distinguish official emails from phishing attempts, the latter of which have become increasingly sophisticated in recent months.
In a new document, appropriately titled "Identify legitimate emails from the App Store or iTunes Store," Apple explains scammers and other nefarious actors might use the company's name, logo and other credentials to trick users into handing over sensitive data.
As the company explains, phishing emails often resemble official Apple correspondence, with similar formatting, language and graphics. Often included are links to what appear to be legitimate Apple websites, but the pages are merely fences designed to gather personal details like a home address or credit card information.
Many phishing emails come in the form of phony App Store, iTunes Store, iBook Store or Apple Music receipts. The goal is to fool a target into thinking they were erroneously billed. Victims are often instructed to correct the mistake by following a malicious link to update account information or provide the same to a fraudulent email address.
To assist customers in identifying real Apple email from fake phishing schemes, the company says genuine purchase receipts include a current billing address, information scammers are unlikely to have. If a user wants to check on a particular charge, they can review their purchase history by navigating to Settings > [your name] > iTunes & App Store on iOS or Account > View My Account in iTunes.
Further, Apple never asks for social security numbers, maiden names, full credit card numbers or credit card CCV codes in emails about App Store, iTunes Store, iBooks Store or Apple Music purchases.
When an email requests an update to account or payment information, Apple suggests doing so only through controlled avenues like the Settings app on iPhone or iTunes on a Mac or PC. The same goes for updating an Apple ID password, an action that should be accomplished in the Settings app or through http://appleid.apple.com/.
Apple is always on the lookout for phishing emails, and urges users who have received such correspondence to forward it to [email protected].
Finally, for users who think they might have handed over personal information like a password or credit card information to a phony website, Apple says the best course of action is to reset their Apple ID password.
The recently published support document joins a similar help page, "Avoid phishing emails, fake virus alerts, phony support calls, and other scams," that was last updated in November.