The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.
Email messages that contain attachments or links to non-Apple websites are from sources other than Apple, although they may appear to be from the iTunes Store. Most often, these attachments are malicious and should not be opened. You should never enter your Apple account information on any non-Apple website. Apple websites that require Account information have apple.com, such as http://store.apple.com, or iforgot.apple.com (with the exception being iCloud.com).
This article describes what steps you should take if you feel you've received one of these malicious emails or your account information has been compromised due to an attempt to take your personal information (known as "phishing").
What the iTunes Store will never ask you to provide via email:
- Social Security Number
- Mother's maiden name
- Full credit card number
- Credit card CCV code
"Phishers" create elaborate websites that look similar to iTunes, but their sole purpose is to collect your account information. Often, a fake email will ask you to click on a link and visit one of these phishing websites to "update your account information."
In general, all account-related activities will take place in the iTunes application directly, not through a web browser. If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on Apple.com, such as the online Apple Store.
If you have received a suspicious email, please notify iTunes Customer Support by visiting our website: www.apple.com/support/itunes/store.
- For tips on protecting the security of your iTunes Store account, see iTunes Store: Best practices for protecting the security of your account.
- For more tips on recognizing Phishing emails, see Identifying fraudulent "phishing" email.