Stay informed about cyber awareness training topics and mitigate risk in your organisation.

I got 99 Problems But a Phish Ain’t One!

about the author

Scam of the Week – Apple App Store Phishing Emails

Cyber criminals have been ramping up their attack on Apple Customers worldwide. Users have reported a sharp increase in Phishing emails which appear to be from Apple in the form of convincing App store subscription phishing emails.  

In a response to this Apple have recently published a page on their website to help users of their App store to protect themselves against cyber criminals who are sending out phishing emails in the hope of capturing vulnerable user’s precious login details for iCloud and the App store.

According to Apple ID login details are the most valuable logins on the dark web next to logins from financial services sectors such as PayPal.

Apple ID login details are fetching as much as $15.39 per login on the dark web. In comparison the site discovered the highest valued login details was PayPal which fetched a whopping $274 per login.

A scam that the cybercriminals use is to send an authentic looking email from the App store to the user asking them to renew their subscription with a highly inflated price. For example, 9to5Mac posted an image of an authentic YouTube TV app subscription renewal email beside another image which showed a very convincing phishing email asking the user to renew the subscription for a crazy price of $144.99 per month. This price will shock the user in to immediately clicking the option to review or cancel the subscription. This scare tactic and sense of urgency is exactly what the cyber criminals are aiming to do. Once the user clicks the link to cancel subscription and enter the login details… Bingo! Payday for the cybercriminal.

I got 99 Problems But a Phish Ain't One!

Authentic Email from Apple (IMG SRC: 9to5Mac)

I got 99 Problems But a Phish Ain't One!

Fake Phishing Email (IMG SRC: 9to5Mac)

Although the email is very convincing, with closer inspection there are some red flags indicating a potential phishing email. The differences can be hard to spot if you’re not looking and are enough to fool the average user.

  • Apple Logo at top and the text “Subscription Confirmation” look different
  • YouTube Red logo is incorrect
  • No personalisation in the email… For example: “Dear John…”
  • The price of renewal is $144.99 per month. Shockingly high price scares the user into reacting straight away
  • Payment method “By Card”. In an authentic email from Apple it will show the type of card and the last 4 digits stored in the customer’s account.

These are only some of the warning signs in this fake email. Some other tips would be to hover over any links to see where this link will lead you to. If it is something that you do not recognise as officially from Apple then do not click.

 Apple have posted a great guide for their users on how to avoid phishing emails and how to protect themselves, family and businesses from cyber scams.

Check out their support page here:

How Do I Stop Phishing Emails


For more information on how MetaCompliance can help you, your staff, and your business become more aware of Phishing,  feel free to check out our MetaPhish platform with a no obligation free trial….

you might enjoy reading these