Be aware of a trending scam involving a pretty real-looking e-mail from Apple. The e-mail claims to be from Apple Support and indicates your Apple ID and iCloud are both going to be suspended because you did not complete verification on time. Given the number of new Apple devices being sold at the moment and for the holiday season, this attack may hit many of your employees, who could then become a risk for your business.
The exact text of the e-mail varies, but it has several key elements that remain the same:
- Supposedly Apple sent you an earlier e-mail about this but they did not receive a response. The wording usually implies that this suspension is your fault.
- The e-mail has a “Verify now” link that allows you to complete the verification process and save your account from suspension. If an employee clicks the link, they land on a bogus Apple login page asking for their credentials.
- You are then taken to a second fake page that asks for a large amount of your personal and financial information, including credit card and banking details. The page is designed to look like a real Apple webpage and even includes seemingly legitimate information explaining in detail why you need to complete the verification process.
If you or an employee fall victim to this scam, the risks to your business can come in many forms. Naturally, anything in your Apple account (if you have one) can be stolen or used for blackmail/ransom purposes. Also, if you unfortunately used a similar password for other logins (like those of your company e-mail or network), the hackers will try to use/guess those if they get around to it. And, if your Apple device (iPhone, iPad, etc.) has corporate e-mail set up on it, the hackers could in theory try to gather data from it or get you to reveal logins/passwords for it by using the seemingly real data they obtained.
As always, approach e-mails like this with a healthy dose of suspicion. Do not trust links and instead go to known websites by typing them directly in the address bar (in this case, apple.com). And if you suspect you have shared information with a third party like these scammers/hackers, immediately change all your passwords, notify your IT provider(s), and watch your accounts carefully.