FacebookTwitterLinkedIn

Do not trust the a phishing email regarding locked Apple ID

Also Known As: Apple ID spam
Type: Mac Virus
Damage level: Medium

What is Apple ID email scam?

As a rule, cybercriminals (scammers) behind phishing emails impersonate legitimate companies, organizations or other entities with the purpose to trick unsuspecting people into providing sensitive information.

Most of them target credit card details, and login credentials (e.g., usernames, email addresses, passwords) for various personal accounts. It is common that phishing emails contain a link designed to open a deceptive website where visitors are asked to enter personal information.

This phishing email is used to trick recipients into providing some of their Apple ID account information and banking-related details.

Apple ID email scam

Scammers behind this phishing email claim that they have detected that the recipient's Apple ID is being used by an unauthorized device and locked (blocked) to protect it from being used in the future.

Their main goal is to trick a recipient into believing that Apple ID is not going to be accessible until information on it is updated, which supposedly can be done via the provided website ("Update Now" hyperlink).

Additionally, scammers claim that if a recipient does not update information on Apple ID within 24, then the account will be locked permanently.

The provided fake Apple ID login website asks to enter the Apple ID (email address) and then provide details such as first and last name, date of birth, phone number, address (street, city, state, ZIP code), and credit card details such as cardholder name, credit card number, expiry date and security code (CVV number).

Usually, cybercriminals attempt to extract such details so they could sell them to third parties (other cybercriminals), use them to make unauthorized transactions, purchases, steal identities.

It is important to remember that the official Apple ID page (appleid.apple.com) does not ask for credit card details to restore or update the account.

Other fake Apple pages could ask to provide other sensitive information. In one way or another, none of the pages with suspicious URLs should be trusted, especially if they ask to provide personal information.

Threat Summary:
Name Apple ID spam
Threat Type Phishing, Scam, Mac malware, Mac virus
Fake Claim Apple ID is being used by another device
Symptoms Unauthorized online purchases, transactions, changed online account passwords/td>
Distribution methods Deceptive emails masquarading as letters from Apple regarding blocked Apple ID
Damage Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

More examples of phishing emails used to trick recipients into providing sensitive information are "Monthly Email Validation Email Scam", "Upgrade Account Email Scam", and "Inode Quota Exceeded Email Scam".

It is important to mention that by having access to one account, cybercriminals may access to other accounts, too. They could do it if those other accounts have the same login credentials. In such cases, users of compromised accounts are strongly advised to change their other passwords as soon as possible.

Another important detail is that cybercriminals can use email not just to extract personal information but also to deliver malware.

How email virus infected my computer?

Emails that cybercriminals use to deliver malicious software have a malicious file attached to them, or they contain a download link for a malicious file.

In one way or another, the main purpose of their emails is to trick recipients into downloading and opening a malicious file (usually disguised as an important, official document). Spam campaigns used to deliver malicious software are called malspam campaigns.

In most cases, cybercriminals use malicious Microsoft Office documents, PDF documents, JavaScript files, executable files (like .exe, .run), or archive files (e.g., ZIP, RAR) to deliver malware via email. It is noteworthy that not all files in malspam emails install malware right after opening them.

For example, documents opened with Microsoft Office 2010 and later versions do not infect computers unless users enable editing/content (macros commands).

However, older MS Office versions do not have the "Protected View" mode, which prevents malware from being installed as soon as a malicious document is opened.

How to avoid installation of potentially unwanted, malicious applications?

Installed software and programs have to be updated or activated with tools, functions that their official developers provide/have designed. It is never safe to update or activate software with third-party tools - they can be and often are bundled with malware (used to distribute malicious programs).

Also, it is against the law to activate licensed software with unofficial tools. Files attached to irrelevant emails received from unknown, suspicious addresses should be ignored.

The same applies to links in emails of this kind. It is common that such emails look like official, important letters from legitimate companies, etc. Although, they often are sent by cybercriminals with a purpose to deliver malware. Programs, files should be downloaded from official, legitimate web pages.

Third-party downloaders (and installers), unofficial pages, Peer-to-Peer networks such as torrent clients, eMule (and other networks of this type), free file hosting pages, etc., are not reliable sources for downloading programs.

Also, a computer should be scanned for threats regularly, it should be done with a reputable antivirus or anti-spyware software. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text  in the Apple ID phishing email:

Subject: confirmation

confirmation
Dear: -

We've detect that your Apple ID is being used by another device that is unauthorized with your Apple ID. So that we will Lock your Apple ID to make sure your data is safe.

If your Apple ID was Locked you must update your Informations of your Apple ID Visit:
Update Now.If you already have update your Informations, your Apple ID will start to work as normal once again.

If you don't update your Apple ID Informations within 24 Hours, your Apple ID will be Locked Permanently.

Copyright © 2021 Apple Inc. One Apple Park Way
Cupertino, CA 95014 USA. All rights reserved.

Screenshot of the fake Apple ID sign-in website:

apple id email scam fake apple id sign in page

Screenshot of the fake Apple ID website asking to provide personal information to update the account:

apple id email scam fake apple id page asking for sensitive information

Another example of Apple ID-themed spam email:

Apple ID-themed spam email (2021-10-15)

Text presented within:

Subject: Case ID [15973490]

 

Hello,

Due to a problem with the payment method you provided, we couldn't charge your account for your case (#C02-9410698-37689194).

If you don't update your information in 24 hours, your Apple ID will be permanently locked. To unlock Apple ID, please visit this link to log in to your Apple ID and update your billing information.

hxxps://appleid.apple.com/update/billing
Apple Support
Copyright © 2020 Apple Inc.

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Mac Go To Folder step

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Mac removing related files and folders - step 1Check for adware generated files in the /Library/LaunchAgents/ folder:

Mac go to /Library/LaunchAgents - step 1

In the Go to Folder... bar, type: /Library/LaunchAgents/

Mac go to /Library/LaunchAgents - step 2

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Mac removing related files and folders - step 2Check for adware generated files in the ~/Library/Application Support/ folder:

Mac go to /Library/Application Support - step 1

In the Go to Folder... bar, type: ~/Library/Application Support/

Mac go to /Library/Application Support - step 2

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Mac removing related files and folders - step 3Check for adware generated files in the ~/Library/LaunchAgents/ folder:

Mac go to ~/Library/LaunchAgents - step 1

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

Mac go to ~/Library/LaunchAgents - step 2

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Mac removing related files and folders - step 4Check for adware generated files in the /Library/LaunchDaemons/ folder:

Mac go to /Library/LaunchDaemons - step 1

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

Mac go to /Library/LaunchDaemons - step 2

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Mac removing malware related files and folders - step 5Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Mac remove malware with Combo Cleaner - step 1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

Mac remove malware with Combo Cleaner - step 2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Safari iconRemove malicious Safari extensions:

Removal of malicious extensions in Safari - step 1

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

Removal of malicious extensions in Safari - step 2

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Google Chrome logoRemove malicious extensions from Google Chrome:

Removal of malicious extensions in Google Chrome - step 1

Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

Removal of malicious extensions in Google Chrome - step 2

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Mozilla Firefox logoRemove malicious extensions from Mozilla Firefox:

Removal of malicious extensions in Mozilla Firefox - step 1

Click the Firefox menu firefox menu icon (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

Removal of malicious extensions in Mozilla Firefox - step 2

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Apple ID spam QR code
Scan this QR code to have an easy access removal guide of Apple ID spam on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.