I think it’s a scam

[ozziegiraffe]

I received an email from do_not_reply@itunes.com asking me to update payment details for my iCloud storage. I cancelled my iTunes subscription some time ago, but do have 200 g of storage, which is paid for monthly by credit card. Most of the details look authentic, but the storage amount says 205 g, and the email address looks fishy to me with the underscores.
Do you think it’s a scam?

[Phar Lap]

Dec 26, 2023 3:28:10 GMT -5 ozziegiraffe said:

I received an email from do_not_reply@itunes.com asking me to update payment details for my iCloud storage. I cancelled my iTunes subscription some time ago, but do have 200 g of storage, which is paid for monthly by credit card. Most of the details look authentic, but the storage amount says 205 g, and the email address looks fishy to me with the underscores.
Do you think it’s a scam?

Is the Pope Catholic?

[HalcyonDaze]

It does sound like a scam.

I always google some of the key words in those emails and the address to see what comes up.

Seems there are a lot of iCloud email scams, and this is from one of the sites talking about them.

If you’re unsure whether the email is legitimate or not, here are a few tips:

Check the sender’s domain. That’s whatever comes after the “@” symbol in an email address. Official emails from Apple will read either “@apple.com” or “@icloud.com”. Any other domain claiming to be from Apple is most likely a phishing scam. Be wary of subdomains (e.g. “@apple.scam.com”) and replacement of visually similar characters (e.g. “@appie.com”)
The same goes for links in the email. Without clicking a link, you can hover over it (desktop) or long-press it (mobile) to preview the link URL. Here you can inspect the domain, which is whatever comes before the first single slash (e.g.” www.comparitech.com/vpn/”). Make sure you trust the link and that there are no spelling errors or suspicious subdomains.
If you feel rushed to make a decision, stop to consider that it could be a scam. Scammers always try to instill a sense of urgency in victims so they don’t have time to think things through.
Instead of clicking the link, navigate to Apple’s website through some other means. Use a bookmark that you trust or even a Google search (but make sure not to click the ads at the top of search results).
Just because a URL has “https” at the beginning doesn’t mean it’s safe. HTTPS is now used by more than half of phishing sites.

[groo]

I receive such emails constantly, and I do not even use iCloud.

[ozziegiraffe]

Thank you, Hal, for the tips. My niggles were correct. They are getting so clever.

[Liiisa]

Yup, I was going to say scam too. Any Apple emails I get (like "your autopayment for TuneIn Internet Radio has been received") come from "email.apple.com," not itunes.com.

[Webs]

When ever I get an email asking for update of payment details, I ignore the email and go directly to the website of the company, investigate my details and if they're accurate I send the orginal email to spam.

I never click on links within emails.

[Liiisa]

Dec 26, 2023 12:23:13 GMT -5 Webs said:

When ever I get an email asking for update of payment details, I ignore the email and go directly to the website of the company, investigate my details and if they're accurate I send the original email to spam.

I never click on links within emails.

Ding, exactly what I do too, but I don't send the original to spam if it's a correct alert, since otherwise email might filter it to spam next time?

[ozziegiraffe]

Dec 26, 2023 13:37:07 GMT -5 Liiisa said:

Dec 26, 2023 12:23:13 GMT -5 Webs said:

When ever I get an email asking for update of payment details, I ignore the email and go directly to the website of the company, investigate my details and if they're accurate I send the original email to spam.

I never click on links within emails.

Ding, exactly what I do too, but I don't send the original to spam if it's a correct alert, since otherwise email might filter it to spam next time?

That’s exactly what I did, and everything seemed in order.

[vinnyd]

They wanted you to reply to an email address that began with do_not_reply?

They should have worked on that a bit.

[Liiisa]

lol vinny. I imagine there was a link.

[ozziegiraffe]

Yes, no reply needed.

[wombatrois]

I look at emails very closely. Today's close look was from paypal. It was legit, but my mac indicated it was spam!

[Liiisa]

I got an email yesterday from a guy named Barry asking how to sign up for couples golf because he had just moved in to a place that I forget the name of now.

I searched his email and found his LinkedIn profile, so he seemed like an actual person, and then searched the name of the place and it turned out to be a retirement community with a golf course in the town where LinkedIn said he lived, so that was all legit. So I emailed him back like "you have the wrong email address" instead of reporting him as spam. I suppose a very clever spammer could have faked all that, but why.

[ozziegiraffe]

I just received another identical email. In case it’s genuine, I went into my settings on my phone and added a second payment method. I will report back when the payment appears.
If is genuine, I don’t want to lose my storage.

[jimm]

Ozzie - are you sure it's from Apple? Are you able to see the sender's full email address?

Oh - it's a scam alright - see here:

discussions.apple.com/thread/254645054?sortBy=best

and here:

support.apple.com/en-us/102406

[ozziegiraffe]

Thank you for that. I haven’t clicked on anything, because I was suspicious. The iPad I’m using has a different Apple ID, and I added the second payment method through settings on my phone.

I’ve now forwarded the suspicious email to apple’s phishing report email.