Phishing refers to fraudulent attempts to get personal information from you. Scammers use any means they can—spoofed emails and texts, misleading pop-up ads, fake downloads, calendar spam, even phony phone calls—to trick you into sharing information, such as your Apple ID password or credit card numbers.
If you receive a suspicious email that looks like it's supposed to be from Apple, please forward it to firstname.lastname@example.org.
On your Mac, include more details by selecting the email and choosing "Forward as Attachment" from the Message menu.
How to avoid phishing and other scams
While browsing the web, if you see a message that your iPhone, Mac, or other Apple device has a virus, or someone claiming to be from Apple calls and asks for your account name and password, you’re likely the target of a scam. Here are some things you can do to avoid them.
- Protect your Apple ID. Use two-factor authentication, always keep your contact information secure and up to date, and never share your Apple ID password or verification codes with anyone. Apple never asks for this information to provide support.
- Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases.
- Never use App Store, iTunes, and Apple Store Gift Cards to make other kinds of payments.
- If you send or receive money with Apple Pay (U.S. only), treat it like any other private transaction.
- Learn how to keep your Apple devices and data secure.
- In general, never share personal information like credit card numbers, unless you can verify the recipient is who they claim to be.
- Don't follow links or open or save attachments in suspicious or unsolicited messages.
- If you have any doubts about a request or communication, or even if you if you just need to update your information with a company, contact that company directly.
If you believe that your Apple ID has been compromised, or if you might have entered your password or other personal info on a scam website, change your Apple ID password immediately.
If you get a suspicious email or message
Scammers try to copy email and text messages from legitimate companies to trick you into giving them your personal information and passwords. These signs can help you identify scams:
- The sender’s email or phone doesn’t match the name of the company that it claims to be from.
- The email or phone they used to contact you is different from the one that you gave that company.
- A link in a message looks right, but the URL doesn’t match the company’s website.*
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
Please report suspicious emails and messages:
- If you receive a phishing email that's designed to look like it’s from Apple, send it to email@example.com. If you forward a message from Mail on your Mac, include the header information by selecting the message and choosing Forward As Attachment from the Message menu.
- To report spam or other suspicious emails that you receive in your iCloud.com, me.com, or mac.com Inbox, send them to firstname.lastname@example.org.
- To report spam or other suspicious messages that you receive through iMessage, tap Report Junk under the message. You can also block unwanted messages and calls.
If your web browser displays annoying pop-ups
While browsing the web, if you see a pop-up or alert that offers you a free prize or warns you about a problem with your device, don't believe it. These types of pop-ups are usually fraudulent advertisements, designed to trick you into giving the scammer personal information or money.
Don't call the number or follow the links to claim the prize or fix the problem. Ignore the message and simply navigate away from the page or close the entire window or tab.
If you're prompted to download software
Use extreme caution if you download content from the internet. Some downloads found on the internet may not contain the software they claim to, or may contain software that you didn't expect or want. This includes apps that ask to install configuration profiles that can then control your device. If installed, unknown or unwanted software may become intrusive and annoying and could even damage your Mac and steal your data.
To avoid unwanted, fake, or malicious software, install software from the App Store or get it directly from the developer's website. Learn how to safely open software on your Mac or remove unwanted configuration profiles from your iPhone, iPad, or iPod touch.
If you get a suspicious phone call or voicemail
Scammers may spoof legitimate company phone numbers and use flattery and threats to pressure you into giving them information, money, and even iTunes gift cards. If you get an unsolicited or suspicious phone call from someone claiming to be from Apple, just hang up.
You can report fraudulent tech support calls to the Federal Trade Commission (U.S. only) at reportfraud.ftc.gov or to your local law enforcement agency.
If you accepted a suspicious Calendar invitation
If you get an unwanted or suspicious calendar invitation in Mail or Calendar, you can report it as Junk in iCloud.
To delete an invitation that you already accepted, tap the event, then tap Decline or Delete Event. If you unintentionally subscribed to a calendar you didn't want, open the Calendar app, tap Calendars and look for an unknown or suspicious calendar. Tap the calendar, then scroll down and tap Delete Calendar.
*To confirm the destination of a link on your Mac, hover your pointer over the link to see the URL. If you can't see the URL in the status bar in Safari, choose View > Show Status Bar. On your iOS device, touch and hold the link.