If you use Apple Pay, beware of this clever phishing scam

iPhone and Mac users may think they are immune to online attacks because of the high level of security provided by Apple products. (That’s not quite true, but that’s a discussion for another day.) But that ignores the dangers of phishing, which involve tricking users into divulging vital data rather than overcoming a device’s defenses.

This is important to understand because some phishing scams can be extremely competent and difficult to detect, and even experienced tech users can be fooled. Such as a new campaign covered by AppleInsider this week that uses Apple Pay and a fake “blocked transaction” to create a sense of urgency and bully victims into revealing their account and payment details.

The scam starts with an email. The sender poses as an Apple employee and reinforces this impression by using official-looking logos and formatting and a display name that appears to come from an official Apple domain. (If you check by going to the address, you’ll see it’s from a completely different domain.) They claim they’re contacting you to warn you of a possible scam… but the only scam they’re trying to perpetrate is.

The email talks about a high-value Apple Pay purchase. The sender claims something went wrong: it came from an unknown device in an unknown location, or was otherwise suspicious. So Apple blocked the payment and prevented this device from accessing your Apple Pay account in the future. But here’s the catch: if the recipient of the email takes no action within a certain amount of time to confirm that it was a fraudulent attempt, Apple will assume that it was indeed fine and process the transaction. If you don’t act now, you will lose a large amount of money.

This, like almost all phishing attempts, is designed to create a sense of urgency. If the clock is ticking, the victim is less likely to insist on considering whether the email is legitimate, to seek advice or help from others, or even to contact Apple through its publicly available information. Instead, many users follow the instructions: Call the phone number in the email.

Needless to say, the number is not legitimate. It doesn’t lead to Apple support, but to someone who is part of the scam. And they’ll do everything in their power to convince you to reveal your Apple ID and other details (potentially including your bank details, which is where the “purchase” comes in) that will allow them to access your accounts.

How to avoid getting caught

This particular phishing campaign is likely to catch some people off guard, given the generally high standard of impersonation in its various stages. But there are plenty of clues that should reveal his sinister intentions. The fake display name has already been mentioned. AppleInsider also notes “awkward phrases like Hello {Name},” impossible IP addresses, and a phone number that apparently has nothing to do with Apple, as a quick Google shows.

Apple will also send push notifications through the Wallet app to notify you of any declined purchases. And they will never approve a potentially fraudulent transaction because you didn’t respond to a message.

More generally, any message that is so strongly related to creating a sense of urgency should be viewed with suspicion. It is important to respond to such messages carefully rather than hastily. Recheck all the details in the email. Google the numbers listed and a few phrases from the message to see if this is a common scam. Talk to a friend or loved one if they are more tech-savvy than you. For more advice, see How to protect yourself from phishing emails.

In this case, contacting Apple itself (obviously using the contact information on its website, not the phone number listed in the message) should quickly reveal that there is nothing to worry about. Except for the phishing scam you just avoided.