Fraudulent iTunes "Phishing" Email Alert
A new scam has been recently identified involving fraudulent iTunes receipts.
What You Should Know:
"Phishing" refers to email that attempts to get people to provide personal information (e.g., account or credit card information) that fraudsters can later use to initiate unauthorized transactions. The email is often disguised to appear to be from a legitimate company or individual.
Recently, there has been a phishing email identified which appears to be from the Apple iTunes store containing fake invoices for iTunes purchases. The purpose of the email is to have the user click the “Refund” link where the user is prompted to enter their personal information including Apple ID and password, and credit or debit card information. The email is not from iTunes, and the order details are fake.
What You Should Do:
If you have received this phishing email, avoid clicking the link or entering your personal details on the site. If you are concerned about your account, log in to your iTunes account directly (not using any links in the email) and verify any transactions on your account.
If you believe you have been a victim of a phishing, consider the following:
- Contact your credit or debit card issuer immediately to protect your account. The card issuer can be reached at the number on the back of the credit or debit card. First Hawaiian Bank can be reached at 844-4444 (1-888-844-4444 from the continental U.S., Guam or CNMI).
- Report suspicious activity to the Federal Trade Commission.
- Contact a major credit bureau and request that a fraud alert be placed on your credit report. You only need to notify one as they are required to notify one another. The bureaus are: Equifax, 1-888-766-0008; Experian, 1-888-397-3742; and TransUnion, 1-800-680-7289.
- Update your iTunes credentials to prevent any undesired purchases or account modifications. Consider setting up two-step verification for your Apple ID. Instructions can be found on the Apple Support site.
The following guidelines will help you to avoid becoming a victim of a phishing scam:
- As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies (including Apple and First Hawaiian Bank) have policies that state they will never solicit such information from customers by email.
- It is always safest to log in to your online accounts by entering the site URL yourself or via an app supplied by the company.
- Be wary of an email that requires you to click a link or open an attached file to rectify an account issue, cancel a suspect payment or update account details. These are common phishing tactics.
- Verify the sender’s email address and any links in the email. In most browsers, simply hover over (but don’t click) any link in an email and you will see a pop-up that shows the true URL where you will be taken to.
- Be suspicious of official-looking email with bad grammar or spelling errors. Phishing emails commonly contain grammar or spelling errors because they often originate from foreign countries.
App Store and iTunes are trademarks of Apple Inc.