How to keep your Apple account safe from scams

A scam caller or email could be a risk to your personal information.

Keeping yourself safe online can be hard, with scams becoming more sophisticated over time. Here's how you should protect yourself and your Apple account.

Cybercrime is a growing problem, with online denizens often at risk of account hacks, data breaches, and scams. With the continuing rise of data breaches, it's now becoming very easy for a scammer to get snippets of information that they can use against you.

The criminals are only going to escalate, so users need to learn how to protect themselves.

Even with the best password management apps and the highest levels of encryption available to consumers, the users themselves continue to be the biggest weak point. Criminals don't need to break an account's security; they only have to convince you to help them.

As a privacy and security-focused company, Apple has moved to release more resources to help users become safer online. These documents, in the support pages, outline many of the ways that users can do something to prevent bad things from happening to their accounts.

What follows is a summary of some of the more important things to keep in mind when dealing with potential scams online.

Social Engineering and Phishing

A high-class way of saying "Telling lies that seem truthful to get something valuable," social engineering refers to a very common attack vector, one that relies on an attacker impersonating others, such as Apple support staff or those calls from "Microsoft Support" that frequently annoy people.

Often, the attacker pretends to be a legitimate representative of a company that you may have dealings with, such as Apple. They will then try to do various things to con you into offering up information that could be used to access your accounts, such as sign-in credentials or security codes.

In some cases, the hackers will use data scraped from major data breaches as a starting point. For example, in January, a Trello data breach exposed over 15 million accounts, including names, user names, and email addresses.

If someone calling you is able to tell you your own name, address, date of birth, or other credentials, you may be convinced that the caller is legitimate. Victims may then willingly offer more information to the fraudster, since the caller has seemingly proved they are "legitimate."

Another type of attack is phishing, which is basically the same sort of thing, but performed over email or messaging services. Aside from supposed emails from Nigerian royalty, phishing attacks can look like vaguely legitimate emails from real companies.

These messages often insist that the user could benefit from something or that something has gone wrong, or they can be as trivial as a fake warning that someone has requested a password reset.

If you get a call or a message from a seemingly legitimate company and you're not sure if it's a scam to get your credentials, you should contact the company directly through official channels instead.

You don't have to go this far, though, as there are often clues in messages and emails that they are not legitimate.

How to identify fraudulent emails and messages

  • The email or phone number doesn't match the company it's supposedly coming from.
  • The email address or phone number they contacted you on is not the one you supplied to the company in the first place.
  • Links in messages seem to have a URL that doesn't match up to an official company website.
  • Formatting or language issues that differ from normal emails from the company. Spelling mistakes are a big clue here.
  • The email requests personal information from you. Emails are sent as plaintext over the internet, so never send such credentials that way.
  • You didn't expect the contact in the first place, and it contains an attachment. Often, the attachment contains malware, so leave it alone.
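
Several of these clues can be checked mechanically. The sketch below is an added example, not code from Apple or from this article: it parses a constructed sample message and flags a sender domain or link host that doesn't belong to the company, a request for credentials, and an attachment. The `OFFICIAL_DOMAINS` set and the sample email are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains the reader treats as official for the claimed sender.
OFFICIAL_DOMAINS = {"apple.com", "icloud.com"}

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: Apple Support <support@apple-id-verify.example>
Subject: Your Apple ID has been locked
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://appleid.apple.com.login.example/reset">verify your password</a>.</p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""

def is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def phishing_clues(raw):
    # Returns a list of clue labels found in the raw message text.
    msg, clues = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_official(sender.rpartition("@")[2]):
        clues.append("sender-domain-mismatch")
    for part in msg.walk():
        if part.get_filename():  # any named part counts as an attachment
            clues.append("attachment:" + part.get_filename())
        elif part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = urlsplit(url).hostname or ""
                if not is_official(host):  # catches apple.com used as a prefix
                    clues.append("link-host-mismatch:" + host)
            if re.search(r"password|security code|verification code", body, re.I):
                clues.append("asks-for-credentials")
    return clues
```

A clean result is not proof of legitimacy, because the From header can be forged; the checks only surface the clues listed above.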

Apple accounts

While Apple does have a lot of protective measures on accounts, it cannot defend against every threat. That's especially true if Apple users are convinced to hand over their information.

This is what Apple says you should do to protect your Apple account and devices:

How to protect your Apple accounts from scammers

  • Do not share personal data or security information, such as passwords or temporary security codes. If someone directs you to a website to enter them, don't agree to do so.
  • Use features like two-factor authentication to secure accounts. Keep your security information up to date. Apple will never ask for this sort of information, even if it's for support purposes.
  • If requested, do not use Apple Gift Cards to make payments to other people. Gift cards are frequently used as a payment system for scams.
  • Take time to learn how to identify legitimate Apple emails relating to App Store or iTunes purchases.
  • Check out Apple's guides to keeping Apple devices and data secure.
  • Download software only from sources that you trust completely.
  • Don't blindly click links in emails or open up sent attachments in unsolicited messages.
  • Avoid providing personal information if someone pretending to be Apple calls or messages you directly. Instead, contact Apple through official channels.

Reporting suspicious contacts

If you're contacted by someone who claims to be Apple but isn't, you can do a few things to help the company thwart their efforts.

  • For a start, Apple says users can forward suspicious emails to [email protected].
  • If you receive spam through an iCloud.com, me.com, or mac.com inbox, mark them as Junk or move them to your iCloud Junk folder. This helps improve Apple's iCloud Mail filtering system.
  • If you receive spam through Messages, tap Report Junk under the message. It's also possible to block messages and calls from contacts.

Also, remember that Apple has a list of other resources to help keep your personal data and accounts safe.
