I Almost Fell For “Your Apple ID Has Been Locked” Scam (Here’s What I Wish I Had Known)

Phishing Email

To my grand surprise, here’s what I found.

Please take a few seconds to scan through the screenshot. Then, take a good look at this receipt. Does it look like a receipt from Apple itself? Does it seem legit to you?

This receipt throws up red flags everywhere. Look out for inconsistencies, strange formatting, and unfamiliar logos. You don’t have to be too savvy or an IT professional to identify a scam email.

To make it easier, here’s a real receipt from Apple. You can see the difference instantly.

Almost Got Scammed

But I almost fell prey to this scam because I believed they hacked my Apple ID. All I wanted was to regain control of my Account and cancel that transaction.

Without thinking twice, I clicked on the link embedded in the body of the receipt that says: To Cancel Your purchase within 48 hours of receiving this Invoice, Go to Cancel and Manage Subscriptions.

And it took me to Apple’s official website, where I can manage my Apple ID.

When I entered my Apple ID, it took me to another page with a warning saying: “This Apple ID has been locked,” with a button below to unlock the account. I started to freak out at this point – seriously.

Despite the red flags, I continued the process. In my desperate attempt to regain control and lock out the scammer, I saw this as Apple’s way of helping me recover my hacked Apple ID.

That fear prevented me from making any rational decisions at that moment. And I continued with my dangerous adventure.

I pressed Unlock Account without thinking again, which took me to another page, this time requesting all kinds of personal information.

Okay, fine. Apple would need my personal information to verify my identity, so there’s no big deal.

Phishing Email Red Flags

When I saw they were asking for my Social Security Number, I knew for sure it was a scam. There was no way Apple would ask for that to verify my account.

Now that I got my first red flag, I started getting more clues and little details that reassured me it was a poorly executed scam. But man, they almost got me.

I became suspicious of the following red flags:

(The red flags, numbered 1 through 4, correspond to the image above.)

Red Flag #1

Check the web address: “manages-orderapp.dynv6.net.” A URL from Apple official’s website wouldn’t appear like this, lacking the term “apple.” Be cautious; scammers might add “apple” to deceive and appear more authentic.

Red Flag #2

When I clicked on the Apple logo in the middle, it took me to the same page. It should’ve taken me to Apple’s official homepage, which was not the case.

Red Flag #3

For example, nothing happened when I clicked on the Menu and Shopping cart icons in the upper left and right corner. These are fake icons, and I couldn’t even click them.

Red Flag #4

Take a closer look at the verification form, and you’ll notice that the Social Security Number is in all caps, which doesn’t follow the form format.

To give you context, Personal Information is not in all caps. The text inside the box, which is shorter than the other boxes, is in lower caps—again, this doesn’t follow the format.

Red Flag #5

Look at the pictures below, specifically the Email sender and the subject line. For Christ’s sake, what’s that email: receiptmailappstore309@bhauytamail…? Did you notice the grammar mistake in “Thank’s” instead of “Thanks”?

Red Flag #6

The “To” field has two email addresses: “Noreply and 1 more”. When I clicked them, there was just one address: noreply@deviceapple.com, which happened to be none of my email addresses.

But how is that email sitting in my inbox? Weird! That’s a sign that the email didn’t actually come from Apple.

Red Flag #7

Here’s another error: “we`ve disable,” and that’s not even an apostrophe. That was a poorly written phishing email. English is definitely not the scammer’s first language. That person only has one job to do: scam me. But here we are.

What You Can Learn from My Mistake

Scammers have been trying to exploit Apple users to access their accounts. My case is a typical example.

I’d have compromised my online privacy and security if I had given away my personal information, including my SSN.

I’ve never felt so vulnerable or embarrassed about not realizing I’d been fooled until it was nearly too late.

Here’s what to do when you receive a phishing email:

Phishing emails try to scare you with warnings about stolen information – they can send you a normal email with fraudulent activities from your account, like purchases, which was my case.

Whatever the case, they’ll always offer help. Sometimes, easy help is like a click, and that’s how you become a victim.

1. Stay calm. Don’t freak out, no matter what the email says. Chances are you’ll make a mistake that you’ll regret forever.
2. Don’t open attachments or click on links in emails. Open a new browser, go to the company’s website, and sign in there. If something is wrong, you’ll know. They’ll notify you.
3. Use common sense. But if you freak out, you won’t be able to analyze, use common sense, and make rational decisions. That’s why rule #1 is critical. Always stay calm.

Wrap Up

I wasn’t calm; I panicked, fearing someone had my Apple ID access, and started clicking frantically.

I was lucky they were not after my Apple ID but my Social Security Number. As soon as I entered my Apple ID, I was told my account was locked, and then they took me to another page requesting my personal info.

If you live in the U.S. and receive a phishing email about your Apple ID, forward the email to the Federal Trade Commission (FTC) and file a report.

Make sure to secure your Apple ID with two-factor authentication.

Have you ever been scammed? Were you in situations where you almost got scammed? Share your story with us.