Apple users issued warning over 'manipulation' scam that drains bank accounts

Apple has issued a warning to UK users as a wave of scams continues to target consumers. Urging caution over social engineering, the tech giant has issued a series of steps to follow - and how to avoid the scams.

This is a form of manipulation used by scammers to deceive individuals into handing over sensitive information or money. According to Apple, these scams often involve criminals impersonating trusted companies or organisations.

They use convincing - and increasingly sophisticated - tactics to steal personal details like passwords, codes and financial information. The company warns that phishing remains one of the most common social engineering techniques, typically involving fraudulent emails. However, they warn that scammers will exploit any available channel to trick users into giving up confidential information or making payments.

This includes:

• Fraudulent emails and other messages that look like they are from legitimate companies, including Apple.

• Misleading pop-ups and ads that say your device has a security problem.

• Scam phone calls or voicemails that impersonate Apple Support, Apple partners, and other well known or trusted entities or individuals.

• Fake promotions that offer free products and prizes.

• Unwanted Calendar invitations and subscriptions

It advises that if you receive an unexpected message, call or request for personal information like your email, phone number, password, security code or money, it's best to assume it's a scam. When in doubt, contact the company directly through official support channel.

Watch for these signs to help identify if you’re being targeted as part of a social engineering attack:

• A scammer may call you from what appears to be a legitimate phone number for Apple or another trusted company. This is called “spoofing.” If the call seems suspicious, consider hanging up and dialing the vetted number for the company yourself.

• Scammers often mention personal information about you in an attempt to build trust and seem legitimate. They may refer to information that you consider private, such as your home address, place of employment, or even your Social Security number.

• They will often convey a desire to help you resolve an immediate problem. For example, they may claim that someone broke into your iPhone or iCloud account, or made unauthorized charges using Apple Pay. The scammer will claim they want to help you stop the attacker or reverse the charges.

• The scammer usually creates a strong sense of urgency to avoid giving you time to think and to dissuade you from contacting Apple yourself, directly. For example, the scammer may say that you are free to call Apple back, but the fraudulent activities will continue and you will be liable. This is false, and designed to prevent you from hanging up.

• Eventually scammers will request your account information or security codes. Typically they will send you to a fake website that looks like a real Apple sign-in page and insist that you verify your identity. Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website.

• Sometimes, scammers will ask you to disable security features like two-factor authentication or Stolen Device Protection. They will claim that this is necessary to help stop an attack or to allow you to regain control of your account. However, they are trying to trick you into lowering your security so that they can carry out their own attack. Apple will never ask you to disable any security feature on your device or on your account.

How to identify fraudulent emails and messages

• The sender’s email or phone does not match the name of the company that it claims to be from.

• The email or phone they used to contact you is different from the one that you gave that company.

• A link in a message looks right, but the URL does not match the company’s website.2

• The message looks significantly different from other messages that you’ve received from the company.

• The message requests personal information, like a credit card number or account password.

• The message is unsolicited and contains an attachment.

They strongly advise people never to share personal information like passwords or security codes, they also ask people to avoid entering these details on a website someone else directs them to. Additionally, they recommend enabling two-factor authentication.

As part of their security guidance, the tech company also warns against using Apple Gift Cards to make payments to others and cautions users not to respond to suspicious calls or messages claiming to be from Apple. They stress that if you need to contact Apple, you should do so directly through their official support channels or in store.