It’s no secret that online scams are on the rise. A record number of people fall victim every year. In fact, more than 16 million people were victims of some kind of identity theft in 2017.
I almost got scammed, and here’s my story.
I was checking my email in the middle of the night when I stumbled upon a suspicious email from Apple. The email was about a transaction from the App Store with a payment receipt document attached to it.
Besides iCloud, I don’t have other subscriptions from Apple or any third-party apps. In my mind, an unauthorized person might have access to my Apple ID.
The email didn’t look quite right, but my fear of losing control of my Apple ID quickly wiped out that worry. I panicked, my heart was racing, and I ultimately opened the payment receipt.
To my grand surprise, here’s what I found.
Take a few seconds to scan through the screenshot. Take a good look at this receipt. Does it look like a receipt from Apple itself? Does it seem legit to you?
From top to bottom, this receipt screams scam. You don’t have to be too savvy or an IT professional to identify a scam email.
To make it easier, here’s a real receipt from Apple. You can see the difference instantly.
Almost Got Scammed
But I almost fell prey to this scam because I believed they hacked my Apple ID. All I wanted was to regain control of my account and cancel that transaction.
Without thinking twice, I clicked on the link embedded in the body of the receipt that says: To Cancel Your purchase within 48 hours of receiving this Invoice, Go to Cancel and Manage Subscriptions.
And it took me to Apple’s official website, where I could manage my Apple ID.
As soon as I entered my Apple ID, it took me to another page with a warning saying: This Apple ID has been locked, with options to unlock the account. I really started to freak out at this point – seriously.
But I kept going. Because, in my mind, it was Apple helping me to unlock my hacked Apple ID. I wanted to regain access and lock the scammer out as quickly as possible.
That fear prevented me from making any rational decisions at that moment. And I continued with my dangerous adventure. Without thinking again, I pressed Unlock Account, which took me to another page, this time requesting all kinds of personal information.
Okay fine, Apple would need my personal information to verify my identity. So, no big deal here.
Phishing Email Red Flags
The first red flag I finally recognized was the Social Security Number. It was at that particular moment I realized it was a scam. There’s no way on earth Apple would ask me for my SSN to verify my account.
Now that I got my first red flag, I started getting more clues and little details that reassured me it was a scam, a poorly executed one. But man, they almost got me.
These are the red flags that made me beyond suspicious:
The URL: manages-orderapp.dynv6.net. A URL from Apple’s official website would definitely not look like this. It doesn’t even include Apple in it. Some scammers would add the word apple somewhere in the URL to make it look legitimate.
When I clicked on the Apple logo in the middle, it took me to the same page. It should’ve taken me to Apple’s official homepage, which was not the case. For example, nothing happened when I clicked on the Menu and Shopping cart icons in the upper left and right corners, respectively. These are fake icons; I couldn’t even click them.
Take a closer look at the verification form, and you’ll notice that Social Security Number is all caps, which doesn’t follow the form format. To give you context, Personal Information is not in all caps. The text inside the box, which is shorter than the other boxes, is all lowercase, which again doesn’t follow the format.
Take a look at both pictures right above, specifically the Email sender and the subject line. For Christ’s sake, what’s that email: [email protected]…? And, by the way, did you spot the grammatical error of Thanks written as Thank’s?
The “To” field had two email addresses: Noreply and 1 more. When I clicked them, it showed just one email address: [email protected], which happened to be none of my email addresses. But how is that email sitting in my inbox? Weird! That’s a sign that the email didn’t actually come from Apple.
Here’s another error “we`ve disable” and that’s not even an apostrophe. That was a poorly written phishing email. English is definitely not the scammer’s first language. That person only got one job to do, to scam me. But here we are.
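The URL red flag above can be checked mechanically: a link belongs to Apple only if its hostname is apple.com or a subdomain of it, whether or not the word apple appears somewhere in it. This Python check is an added example, not part of the original post; the trusted-domain list, the function names and the example.net sample links are assumptions, and only manages-orderapp.dynv6.net comes from the post.

```python
from urllib.parse import urlsplit

# Assumption: the one domain genuine Apple ID links are expected under.
TRUSTED_DOMAINS = {"apple.com"}
# Dynamic-DNS suffix taken from the URL quoted in the post.
DYNAMIC_DNS_SUFFIXES = {"dynv6.net"}


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, brand="apple"):
    """Return (verdict, reasons) for a link in a message claiming to be from the brand."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if not host:
        return "suspicious", reasons + ["no hostname"]
    if any(_under(host, d) for d in TRUSTED_DOMAINS):
        return ("suspicious" if reasons else "trusted"), reasons
    reasons.append("host is not under a trusted domain")
    if brand in host:
        reasons.append("brand name inside an unrelated hostname")
    if any(_under(host, d) for d in DYNAMIC_DNS_SUFFIXES):
        reasons.append("dynamic-DNS hostname")
    if parts.username:
        reasons.append("text before '@' is not the host")
    return "suspicious", reasons


# Constructed sample links; only the first hostname comes from the post.
SAMPLES = [
    "https://manages-orderapp.dynv6.net/",
    "https://appleid.apple.com/",
    "https://apple.com.account-check.example.net/signin",
    "https://appleid.apple.com@login.example.net/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, *classify_link(link))
```

Matching on the end of the hostname rather than searching for the brand name is what separates appleid.apple.com from a lookalike that merely contains apple.com as a leading label.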
What You Can Learn from My Mistake
Scammers have been trying to exploit Apple users to gain access to their accounts. My case is a typical example. I’d have compromised my online privacy and security if I had given away my personal information including my SSN.
I’ve never felt so vulnerable or embarrassed about not realizing that I’d been fooled until it was nearly too late.
Here’s what to do when you receive a phishing email:
Phishing emails try to scare you with warnings about stolen information. They may also send you a normal-looking email reporting fraudulent activity on your account, such as purchases, which was my case.
Whatever the case is, they’ll always offer help. Sometimes it’s easy help, like a single click, and that’s how you become a victim.
Stay calm. Don’t freak out, no matter what the email says. Chances are you’ll make a mistake that you’ll regret forever.
Don’t open attachments or click on links in emails. Open a new browser and go to the company’s website, sign in there. If something is really wrong you’ll know. They’ll notify you.
Use common sense. But if you freak out there’s no way you’ll be able to analyze, use common sense and make rational decisions. That’s why rule #1 is critical. Always stay calm.
In my case, I wasn’t calm at all. I freaked out thinking someone had access to my Apple ID and started to click like crazy.
I was lucky enough they were not after my Apple ID but rather my Social Security Number. As soon as I entered my Apple ID, I was told my account was locked, then they took me to another page requesting my personal info.
If you live in the U.S. and receive a phishing email about your Apple ID, file a report by forwarding it to the Federal Trade Commission (FTC). But due to the government shutdown, they’re not receiving any more reports at the moment. Once the government is funded the site should be back up and working fine. Make sure to secure your Apple ID with two-factor authentication.
Have you ever been scammed? Were you in situations where you almost got scammed? Share your story with us.