How to avoid being scammed by a fake Apple ID web page
Written by Tomas Meskauskas on (updated)
What is an Apple ID scam?
Scammers (cyber criminals) design many deceptive websites to have the appearance of official Apple (Apple ID) websites. In fact, the genuine address of the Apple ID website is appleid.apple.com (deceptive websites use different addresses). Furthermore, fake Apple ID websites usually do not function properly.
For example, menu links do not work. The main purpose of these scam sites is to obtain personal details from unsuspecting people. We strongly advise that you avoid unofficial Apple sites and, more importantly, do not provide any personal information.
More about the Apple ID scam
Typically, fake Apple ID sites ask visitors to enter their Apple IDs and passwords. Regardless of whether entered credentials are valid, these sites enable a pop-up window stating that the user's Apple ID has been locked for security reasons and must be unlocked by clicking the "Unlock Account" button (or another similar button).
Clicking the button leads to an account verification page. To unlock their accounts, users are asked to provide details such as first and last names, date of birth, telephone number, address and credit card details (including card number, security code, expiration date, etc.).
Apple ID accounts are not restored in this way on genuine, official Apple ID websites. Furthermore, an official Apple ID website would never demand credit card details to restore the user's account.
People who have provided any details of this type on a fake Apple ID site and/or have noticed suspicious activity on their bank accounts should change their passwords and inform their bank of the situation immediately. On the official Apple ID site, users can unlock their accounts using two-factor authentication.
This requires a trusted device, telephone number, or recovery key. Alternatively, it can be done by answering security questions on iforgot.apple.com and using an existing password. In any case, the official Apple ID site does not ask for the details demanded by fake, scam sites.
| Name | Apple ID Hacked Scam |
| Threat Type | Mac malware, Mac virus. |
| Fake Claim | Fake Apple ID pages are designed to trick users into providing personal details by stating that their accounts are blocked/disabled. |
| Serving IP Address (mailsecure-accountsdisable.warninghomicides[.]com) | 157.245.184.118 |
| Detection Names (mailsecure-accountsdisable.warninghomicides[.]com) | Sophos AV (Malicious), Full List Of Detections (VirusTotal) |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Privacy issues, financial loss, stolen Apple ID or/and banking accounts. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Possible damage
Entering details on fake Apple ID pages can lead to serious problems relating to finances and privacy. Cyber criminals could use stolen accounts to make fraudulent purchases or steal personal data that could be accessed through an Apple ID account. Entered banking account credentials could be misused to perform transactions and purchases.
Avoid unofficial Apple ID (or other Apple) web pages and never be trust them. If the browser opens these pages, it is likely that there is an unwanted application installed. Information about how these shady apps are installed and how to avoid unwanted installations and downloads is provided below.
How did unwanted applications install on my computer?
People do not generally download or install rogue apps intentionally - they download and/or install them through deceptive ads that, when clicked, run scripts designed to cause unwanted downloads/installations. In other cases, people download/install shady apps through other regulat software that they have downloaded from the internet.
Such apps are often included in set-ups of other software. Offers to download or install unwanted apps are usually hidden in options such as "Custom", "Advanced", and so on. Some people fail to check these settings and leave them unchanged, thereby agreeing by default to download or install additional, unwanted software.
How to avoid installation of unwanted applications
To avoid unwanted installations/downloads, use only trustworthy and official websites when downloading software or files. Do not use third party downloaders, torrent clients, eMule and other Peer-to-Peer networks, unofficial websites, and so on.
If a setup contains settings such as "Custom", "Advanced", they should be checked carefully - also decline offers to install or download unwanted apps. Avoid clicking intrusive ads, especially if they are displayed on unofficial (dubious) websites. These usually redirect users to other untrustworthy or even malicious websites.
If you experience unwanted ads or redirects, remove all unwanted plug-ins, add-ons, and extensions that are installed on the browser and unwanted/suspicious programs installed on the computer. If your computer is already infected with rogue apps, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Screenshot of a pop-up on the Apple ID scam web page:
Fake Apple ID page asking to provide personal details:
Appearance of Apple ID scam (GIF):
Another variant of this scam where users are asked to enter their email or phone number:
Another variant of this scam where users are instructed to unlock their account:
Appearance of the second variant after clicking the "Unlock Account" button (GIF):
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is Apple ID scam?
- STEP 1. Remove files and folders related to unwanted apps from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
A pop-up scam is a deceptive online tactic where fraudulent pop-up windows appear on a user's screen, often while browsing the internet.
What is the purpose of a pop-up scam?
The primary purpose of a pop-up scam is to deceive and defraud individuals. These scams aim to trick users into taking actions that benefit the scammers, such as infecting their devices with malware, stealing personal or financial information, or convincing them to make payments for fake services or products.
Why do I encounter fake pop-ups?
You might encounter fake pop-ups while browsing the internet due to various reasons. One common cause is malicious advertising, where deceptive ads are displayed on websites you visit. Additionally, visiting untrustworthy or unsafe websites, clicking on suspicious links or notifications from shady sites (e.g., torrent sites), or having malware or other unwanted software on your device can lead to fake pop-up encounters.
Will Combo Cleaner protect me from pop-up scams?
Combo Cleaner scans all websites you visit, including those with pop-up scams, to detect any malicious ones. If it finds a harmful website, it will warn you and block access.
Outstanding!
▼ Show Discussion