
Convincing Apple App Store scam - and the detail you need to foil it

I was scrolling through an old email inbox this week when I saw something that made my heart sink a little.

“Sh*t,” I thought to myself.

I had an email that appeared to be a bill from the Apple App Store.

I’ve had cases in the past where I paid for something and unwittingly had ongoing subscription charges appear on my credit card through the App Store, but I knew this wasn’t me.

The e-mail was a receipt for $US106.69 for a game called Mobile Legends Bang Bang.

The photo is a screenshot of an Apple App Store bill which is charging $106.69 for a game called Mobile Legends Bang Bang.
At first glance, this Apple App Store bill is pretty convincing.

For a moment I thought someone might’ve hacked my account and had charged things to my Apple ID.

But there was one big detail that quickly quelled any distress. After looking closely at the e-mail address which sent the “receipt”, it was clear this was simply a phishing scam.

It was masquerading as a legit bill from Apple, hoping I would download the attachment which would likely contain some sort of malware.

Scams like these are not uncommon and typically use major brands like banks, telco companies or, in this case, Apple, to trick unsuspecting users into giving a fraudster remote control of their device.

A screenshot shows that the email is not from Apple but rather from a suspicious-looking email address.
Well, this sort of thing is a dead giveaway. If it doesn't come from Apple.com, think twice.

Apple directs customers to its page on how to avoid these types of phishing scams.

“Scammers try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. Never follow links or open attachments in suspicious or unsolicited messages,” it says.

How to spot a phishing scam

There are a handful of things you should keep in mind when you see something like this:

• If the sender’s email address or phone number doesn’t match the name of the company that it claims to be from, just delete it. The senders will usually try to make it look as close to the real thing as possible, but the imitation will always be a bit off. For example, instead of optus.com.au, it might be optusnet.com.au.

• The message requests personal information, like a credit card number or account password. Legitimate companies won’t do that.

• Before clicking on any link, hover the mouse over it to see the full address and gauge whether it looks suspicious given the context.
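The sender and link checks above can be automated for a mail filter or a triage script. The following is an added example, not part of the original article: the brand-to-domain list, the sample messages and the function names are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allow-list, not an official list of sending domains.
BRAND_DOMAINS = {"apple": {"apple.com"}, "optus": {"optus.com.au"}}

# Constructed sample messages (not taken from the article's screenshots).
SAMPLE_FAKE = 'From: "Apple App Store" <receipts@billing-notice.example>\nSubject: Your receipt\n\nSee attachment.'
SAMPLE_REAL = "From: Apple <no_reply@email.apple.com>\nSubject: Your receipt\n\nThanks."
SAMPLE_LOOKALIKE = "From: Optus <billing@optusnet.com.au>\nSubject: Your bill\n\nPay now."

def domain_matches(host, allowed):
    """True only for an exact match or a true subdomain, never a substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Warn when the From line uses a brand name but the address domain is not the brand's."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        claims_brand = brand in display.lower() or brand in domain
        if claims_brand and not domain_matches(domain, allowed):
            warnings.append(f"claims {brand} but sent from {domain or 'no address'}")
    return warnings

def link_host_ok(href, allowed):
    """The 'hover' check: judge a link by its real hostname, not by text that appears in it."""
    return domain_matches(urlparse(href).hostname or "", allowed)

if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_REAL, SAMPLE_LOOKALIKE):
        print(check_sender(sample) or "sender domain matches")
    print(link_host_ok("https://apple.com.account-verify.example/login", BRAND_DOMAINS["apple"]))
```

A From address can be forged, so a matching domain is not proof the message is genuine; this check only catches the mismatch described above.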
