Do not trust the a phishing email regarding locked Apple ID

What is Apple ID email scam?

As a rule, cybercriminals (scammers) behind phishing emails impersonate legitimate companies, organizations or other entities with the purpose to trick unsuspecting people into providing sensitive information.

Most of them target credit card details, and login credentials (e.g., usernames, email addresses, passwords) for various personal accounts. It is common that phishing emails contain a link designed to open a deceptive website where visitors are asked to enter personal information.

This phishing email is used to trick recipients into providing some of their Apple ID account information and banking-related details.

Scammers behind this phishing email claim that they have detected that the recipient's Apple ID is being used by an unauthorized device and locked (blocked) to protect it from being used in the future.

Their main goal is to trick a recipient into believing that Apple ID is not going to be accessible until information on it is updated, which supposedly can be done via the provided website ("Update Now" hyperlink).

Additionally, scammers claim that if a recipient does not update information on Apple ID within 24, then the account will be locked permanently.

The provided fake Apple ID login website asks to enter the Apple ID (email address) and then provide details such as first and last name, date of birth, phone number, address (street, city, state, ZIP code), and credit card details such as cardholder name, credit card number, expiry date and security code (CVV number).

Usually, cybercriminals attempt to extract such details so they could sell them to third parties (other cybercriminals), use them to make unauthorized transactions, purchases, steal identities.

It is important to remember that the official Apple ID page (appleid.apple.com) does not ask for credit card details to restore or update the account.

Other fake Apple pages could ask to provide other sensitive information. In one way or another, none of the pages with suspicious URLs should be trusted, especially if they ask to provide personal information.

Threat Summary:

Name	Apple ID spam
Threat Type	Phishing, Scam, Mac malware, Mac virus
Fake Claim	Apple ID is being used by another device
Symptoms	Unauthorized online purchases, transactions, changed online account passwords/td>
Distribution methods	Deceptive emails masquarading as letters from Apple regarding blocked Apple ID
Damage	Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

More examples of phishing emails used to trick recipients into providing sensitive information are "Monthly Email Validation Email Scam", "Upgrade Account Email Scam", and "Inode Quota Exceeded Email Scam".

It is important to mention that by having access to one account, cybercriminals may access to other accounts, too. They could do it if those other accounts have the same login credentials. In such cases, users of compromised accounts are strongly advised to change their other passwords as soon as possible.

Another important detail is that cybercriminals can use email not just to extract personal information but also to deliver malware.

How email virus infected my computer?

Emails that cybercriminals use to deliver malicious software have a malicious file attached to them, or they contain a download link for a malicious file.

In one way or another, the main purpose of their emails is to trick recipients into downloading and opening a malicious file (usually disguised as an important, official document). Spam campaigns used to deliver malicious software are called malspam campaigns.

In most cases, cybercriminals use malicious Microsoft Office documents, PDF documents, JavaScript files, executable files (like .exe, .run), or archive files (e.g., ZIP, RAR) to deliver malware via email. It is noteworthy that not all files in malspam emails install malware right after opening them.

For example, documents opened with Microsoft Office 2010 and later versions do not infect computers unless users enable editing/content (macros commands).

However, older MS Office versions do not have the "Protected View" mode, which prevents malware from being installed as soon as a malicious document is opened.

How to avoid installation of potentially unwanted, malicious applications?

Installed software and programs have to be updated or activated with tools, functions that their official developers provide/have designed. It is never safe to update or activate software with third-party tools - they can be and often are bundled with malware (used to distribute malicious programs).

Also, it is against the law to activate licensed software with unofficial tools. Files attached to irrelevant emails received from unknown, suspicious addresses should be ignored.

The same applies to links in emails of this kind. It is common that such emails look like official, important letters from legitimate companies, etc. Although, they often are sent by cybercriminals with a purpose to deliver malware. Programs, files should be downloaded from official, legitimate web pages.

Third-party downloaders (and installers), unofficial pages, Peer-to-Peer networks such as torrent clients, eMule (and other networks of this type), free file hosting pages, etc., are not reliable sources for downloading programs.

Also, a computer should be scanned for threats regularly, it should be done with a reputable antivirus or anti-spyware software. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text  in the Apple ID phishing email:

Subject: confirmation

confirmation
Dear: -

We've detect that your Apple ID is being used by another device that is unauthorized with your Apple ID. So that we will Lock your Apple ID to make sure your data is safe.

If your Apple ID was Locked you must update your Informations of your Apple ID Visit:
Update Now.If you already have update your Informations, your Apple ID will start to work as normal once again.

If you don't update your Apple ID Informations within 24 Hours, your Apple ID will be Locked Permanently.

Copyright © 2021 Apple Inc. One Apple Park Way
Cupertino, CA 95014 USA. All rights reserved.

Screenshot of the fake Apple ID sign-in website:

Screenshot of the fake Apple ID website asking to provide personal information to update the account:

Another example of Apple ID-themed spam email:

Text presented within:

Subject: Case ID [15973490]

 

Hello,

Due to a problem with the payment method you provided, we couldn't charge your account for your case (#C02-9410698-37689194).

If you don't update your information in 24 hours, your Apple ID will be permanently locked. To unlock Apple ID, please visit this link to log in to your Apple ID and update your billing information.

hxxps://appleid.apple.com/update/billing
Apple Support
Copyright © 2020 Apple Inc.

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is Apple ID email scam?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion