Did you get an email threatening to delete photos and files stored on iCloud? Or that suspicious activity has been detected on your iCloud account? If so, beware! It could well be a scam. Most importantly, do not click on any links or attachments in the email and don’t respond.
These scams are especially common right now as Apple shutters its “My PhotoStream” service, sending users scrambling for alternatives. Today, we’ll cover iCloud phishing scams and how to spot them.
How iCloud phishing scams work
Phishing involves posing as a trusted authority—Apple, in this case—to trick victims into handing over private information or downloading malware. In the phishing emails we reviewed, the senders were displayed as “CloudNotice” and “iCloud Storage”.
These emails normally state that your iCloud storage has run out, that your payment details are expired, or that unusual activity was detected on your account. In some cases, they might advertise some limited-time promotional discount on additional storage. These scams can also come in the form of text messages or phone calls.
No matter the ploy, scammers always try to instill a sense of urgency in victims. They create arbitrary deadlines, such as threatening to delete your files and photos or deactivate your account if you don’t take action soon. This is because a person who feels rushed to make a decision is less likely to make the right one.
The links in iCloud phishing emails can lead to a couple things. Most often, it’s a phishing site. These are sites with fake login or checkout pages that look identical to Apple’s site. Victims enter their password or payment details, which are sent to the attacker, who hijacks your account or steals your credit card info. Often these fraudulent sites redirect users to the real Apple website after they get what they want, so you may not even be aware you just handed your info to a cybercriminal.
The other possibility is that clicking a phishing link will download malware onto your device. This could steal sensitive information, encrypt your files for ransom, redirect you to malicious sites, mine cryptocurrency, or perform any number of other attacks.
Remember the most important rule: never click on links or attachments in unsolicited emails.
Can I protect myself against iCloud phishing attacks?
Unfortunately, spammers are very creative and almost always find ways to slip past your email provider’s spam filter. The only real way to stop them is to block all emails containing the word “iCloud” but this prevents real messages from getting through.
The trick is to educate yourself on the telltale signs that an email might not be legitimate (more on this shortly). This way, when you identify a sketchy email, you can just block the sender and move on.
We strongly suggest getting a high-quality antivirus program if you don’t already have one. These help minimize the damage if you do accidentally download malware, and some are even capable of blocking phishing emails for you. Our top picks are TotalAV and Norton Security: they’re affordable, extremely reliable, and both come with a money-back guarantee, meaning there’s no risk whatsoever.
How to spot iCloud phishing emails
If you’re unsure whether the email is legitimate or not, here are a few tips:
- Check the sender’s domain. That’s whatever comes after the “@” symbol in an email address. Official emails from Apple will read either “@apple.com” or “@icloud.com”. Any other domain claiming to be from Apple is most likely a phishing scam. Be wary of subdomains (e.g. “@apple.scam.com”) and replacement of visually similar characters (e.g. “@appIe.com”)
- The same goes for links in the email. Without clicking a link, you can hover over it (desktop) or long-press it (mobile) to preview the link URL. Here you can inspect the domain, which is whatever comes before the first single slash (e.g.” http://www.comparitech.com/vpn//”). Make sure you trust the link and that there are no spelling errors or suspicious subdomains.
- If you feel rushed to make a decision, stop to consider that it could be a scam. Scammers always try to instill a sense of urgency in victims so they don’t have time to think things through.
- Instead of clicking the link, navigate to Apple’s website through some other means. Use a bookmark that you trust or even a Google search (but make sure not to click the ads at the top of search results).
- Just because a URL has “https” at the beginning doesn’t mean it’s safe. HTTPS is now used by more than half of phishing sites.
What do I do if I receive a scam iCloud email?
Do not respond, and do not click on any links or attachments in the email.
You can forward suspicious texts and emails to Apple to either reportphishing@apple.com or abuse@icloud.com. Scam phone calls can be reported to the FTC if you’re in the USA.
If you don’t want to file a report, just mark the email as spam and delete it.
I fell for an iCloud scam. What now?
If you think you gave your iCloud password to a scammer, you need to change your Apple ID password immediately. If the scammer has locked you out of your account, you might need to take additional steps to verify your identity with Apple to prove you’re the real owner.
If you use the same password on any of your other accounts, those passwords should be changed as well to prevent credential stuffing attacks.
If you handed over payment information, such as a credit card, then you need to cancel and replace the card as soon as possible. Do not ignore small unauthorized charges—that’s how scammers test to see if a card is still valid.