When it comes to online scams and phishing, Apple is one of the most impersonated companies that scammers use to gather personal data and steal money. With so many phishing schemes that you could fall prey to, you may suspect any message or email is fraudulent for various reasons.
If you’ve lately been receiving emails from appleid.apple.com and you’re wondering whether they are sent from Apple themselves or are from a scammer, the following post should give you a clear idea and help you differentiate fraudulent emails from legitimate ones.
Is appleid.apple.com legit?
Yes, it is completely legit. “appleid.apple.com” is a legitimate Apple domain that lets you manage your Apple account and its associated services. When you access this website from your Apple device, you’ll be prompted to sign in to your Apple account using your iPhone’s Face ID or Touch ID, or a password/passcode that you use to unlock your other Apple devices.
When you sign in to appleid.apple.com, you’ll arrive at the Manage your Apple ID page where you’ll be able to view and edit your personal information, contact info, password, payment methods, family sharing, privacy settings, linked devices, and other services where you’ve used your Apple ID.
Does Apple send emails from appleid.apple.com?
Yes. Depending on the Apple service you recently used or submitted a request to, you may receive emails from apple.com (for the most part) or iTunes.com. These emails may be sent to you whenever Apple detects that you logged into your Apple ID on any device or your Apple account was used to sign up or log in to a non-Apple service. If you signed in to your Apple account or used it elsewhere, you may receive emails from these domains:
- @id.apple.com
- @email.apple.com
- @apple.com
- @appleid.apple.com
Although there are other domains that Apple uses to send emails about its products and services, you must check the legitimacy of the domains or the email addresses by searching for them online. Cybercriminals often use spoofed addresses to pose as Apple. If you receive an email with appleid.apple.com as the sender name, you must check the sender’s complete email address inside the Mail app on your iPhone or Mac, or at icloud.com/mail in a web browser.
How can you differentiate fraudulent emails from legitimate emails?
Scammers and phishing agents have found various means to make their messages look like they come from legitimate companies. For instance, a phishing email from a scammer may contain the same message that you may receive from an actual company/service, and if you fail to differentiate a fraudulent message from a legitimate one, you may end up losing your personal information and passwords.
To identify fraudulent emails, you can look out for certain abnormalities in the messages that you receive. The message you receive is fraudulent when:
- You get an unexpected message claiming to be from Apple but you haven’t signed in to your Apple account or used it for logging into a service anytime recently. You can cross-check the date and time or the device used for signing in with the information shared in the email. [Check in the screenshot above.]
- The message you receive starts with “Dear Customer” instead of your actual name or the name you registered inside your Apple account. Apple will always address you by your name for all things related to your Apple account. The only exception to this is when you purchase something from the App Store, at which point, the receipt for your order will have “Dear Apple Customer” in the message. [check in the screenshot above]
- The sender’s email address doesn’t match Apple’s legitimate email domains or there are some suspicious or weird characters in the email address like underscores, letters, or signs.
- Any information like your name or contact details is inaccurate or different from the information you provided to Apple.
- The email provides a clickable link which may not be the case when you receive a legitimate email from Apple itself. When Apple shares a link, it mentions an un-embedded URL that cannot be clicked but instead, you’ll have to copy-paste it on a browser to open. While a link in a message may look alright, you can right-click and copy or long-press a clickable link to see if the embedded link matches the URL that’s visible on the email. [check in the screenshot above]
- You receive an email for an entirely different service that doesn’t concern your Apple ID. Mails from appleid.apple.com or id.apple.com may only be sent in the event of a recent login or password change.
- The email you receive requests you to “update your information”. In the event of a recent login or account activity, Apple will only request you to “change your password” if you believe an unauthorized person has accessed your account. [check in the screenshot above]
- The received email asks for additional personal information like your credit card number or account password. Apple will never request this kind of information over email but will instead ask you to make these changes directly at appleid.apple.com.
- The message contains attachments which should be avoided at all costs. Apple will never send emails with attachments or ask you to upload a file as a reply.
- The message signals a sense of false urgency and pressures you into transferring money or giving them information.
- The email asks you to download and install additional apps or software on your device, which may not have happened had the email been from Apple itself.
- The email specifically requests you to share details like National Insurance Number, Mother’s maiden name, Full credit card number, or Credit card CCV code. Apple will never ask you to provide such information over email.
If you suspect the email you received shows any of the above signs, you can consult the next section to deal with it.
What should you do when you receive a suspicious email?
If you feel like the email you received on your iPhone or other Apple devices is suspicious and claims to be from Apple:
- You can forward the email to reportphishing@apple.com right away.
- You can block the email sender if you continue receiving multiple emails from the same email address.
- Do not reply to this email or send a message to the sender.
- Avoid clicking on links shared in the email. Emails from Apple may contain URLs but they won’t be clickable; you’d have to copy and paste the link to open them.
- As a precautionary step, you can also forward spam or other suspicious emails that you receive on your iCloud.com, me.com, or mac.com inbox to abuse@icloud.com.
- If you receive a suspicious email or an unexpected calendar invitation, you must make sure these emails are marked as junk. This way, all future emails from the same sender will be sent to the Junk folder in your Mailboxes list.
- Delete events from your calendar if you unknowingly subscribed to a spam Calendar.
- Do not install apps or software as suggested in an email; Apple will never recommend installing additional software.
How to protect your Apple account from phishing and other scams
If you wish to avoid scams and prevent receiving phishing and spam emails from suspicious accounts, there are a few things that you need to take care of. You can take these precautionary steps to avoid losing your personal and sensitive information or, in the worst case, access to your Apple account.
- Do not respond, reply, or interact with any email or message you receive spontaneously without a thorough check.
- Do not click on an embedded link shared in a message without properly inspecting its content. Sometimes the displayed link may look alright but the embedded link may take you to a phishing site.
- Do not share your personal, sensitive, or financial details (including credit cards) with anyone over email. If you wish to add your bank cards or manage your payment details on your Apple account, you can directly go to appleid.apple.com.
- Enable two-factor authentication for your Apple ID, so that no one can access your account with just your password. With two-factor authentication enabled, you will be required to enter verification codes every time a new device is used to sign into your Apple account.
- Avoid making private transactions using Apple Pay or sharing Apple Gift Cards with unknown people. Neither Apple nor its executives will request payment for services using these modes of payment.
- Do not open attachments received via an unverified sender or respond to them.
- If you receive an email stating a recent purchase in the App Store, iTunes Store, iBooks Store, or Apple Music, check if the billing address specified here matches your current original billing address, which scammers are unlikely to have.
- Download apps and software from the Apple App Store or trusted sources and check for their legitimacy online before installing.
That’s all you need to know about whether or not you should consider emails from appleid.apple.com as legit.