A lot of you are receiving an alarming email alerting you to an Apple App Store purchase you didn’t make. Because this scam is so widespread, I’m going to break it down in detail for you. Please pass this info on to anyone you think might need to know about it. And if you receive the scam message (pictured below), just DELETE IT*. Don’t click on the links or attachments!

It starts with an email:

The email’s intent is to worry you into cancelling or disputing a purchase you didn’t authorize. It’s completely false — no purchase has occurred, and your AppleID has not been used. The email address is spoofed and you can’t write back to the sender. But there is an attachment that looks like a bill. And inside the attachment is:

You should never open attachments from unexpected emails, but I did to show you this. It contains more concocted details about a purchase that never happened, because the sender wants you to believe that you’ll be charged for this item. You should never click the links in such an attachment, but here’s what you would see if you were tricked into doing so:

At least this is what I saw. Thank you, Google Chrome, for looking out for me. Not all browsers post this when you visit a phishing site, and this is why I push most people to use Chrome. If your browser doesn’t show this warning, then the scammer’s invoice links will take you to:

Apple? No, but it is a very convincing copy of Apple’s website. So convincing that I worry that some people will type their email and Apple password into it. But that would be the worst thing to do. Anyone who types their info into this phishing website will be handing their password over to criminals.
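For anyone who checks suspicious mail on behalf of others, the two giveaways described above can be tested mechanically: a sender address that claims Apple but fails authentication, and links whose real hostname is not Apple's, however convincing the page looks. This Python example is added here and is not part of the original post; the function names, the domain list and the sample message and URLs are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains this example treats as genuinely Apple's.
APPLE_DOMAINS = ("apple.com", "icloud.com")

def is_apple_host(host):
    """True only for an Apple domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

def url_is_apple(url):
    # urlsplit().hostname ignores any "user@" prefix and the path, so
    # look-alike tricks such as apple.com@other.example do not pass.
    return is_apple_host(urlsplit(url).hostname)

def triage(raw_message, urls):
    """Return the reasons a message claiming to be an Apple receipt looks forged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    # Assumption: this header was stamped by your own mail provider.
    auth = msg.get("Authentication-Results", "").lower()
    reasons = []
    if is_apple_host(from_domain) and "dmarc=pass" not in auth:
        reasons.append("From claims %s but DMARC did not pass" % from_domain)
    elif "apple" in name.lower() and not is_apple_host(from_domain):
        reasons.append("display name says Apple, address is at %s" % from_domain)
    for url in urls:
        if not url_is_apple(url):
            reasons.append("link leaves Apple: %s" % urlsplit(url).hostname)
    return reasons

# Constructed sample: a forged receipt and the links pulled from its attachment.
SAMPLE = (
    'From: "Apple" <no_reply@email.apple.com>\n'
    "Subject: Your receipt from Apple\n"
    "Authentication-Results: mx.example.org; spf=fail; dmarc=fail\n"
    "\n"
    "Your invoice is attached.\n"
)
SAMPLE_URLS = [
    "https://apple.com.account-review.example/signin",
    "https://apple.com@signin.example/",
    "https://appleid.apple.com/",
]

if __name__ == "__main__":
    for reason in triage(SAMPLE, SAMPLE_URLS):
        print(reason)
```
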

And how bad will that be? If the thief learns your email address and Apple password, they will log into your iCloud account from their location and try any or all of the following:

  1. Change the password to lock you out of your account and devices.
  2. Go through your address book and contact everyone with spam or scams.
  3. Look through your photos and videos for blackmail material.
  4. Use your account on their devices to make purchases.
  5. Access your Apple email account to reset passwords for other dependent accounts (Facebook, Amazon, etc.).

If you’ve fallen for this scam or know anyone who has, please reset the AppleID password ASAP! Changing the AppleID password would lock the criminal out of the account and stop them from causing further damage.

* If you want to go the extra mile and report this type of scam, Apple welcomes you to forward the message to reportphishing@apple.com. Then delete the phishing email!