PSA: Watch out for these convincing App Store subscription phishing emails

Representing such a large and diverse percentage of the market, Apple customers are common targets of phishing attempts. Whether they be innovative methods via iOS applications or traditional email phishing attempts, it’s important for customers to remain skeptical of communication asking for sensitive information.

A new wave of phishing attempts targeted at Apple customers comes in the form of subscription renewal email and has seemingly become so widespread, Apple has shared new tips on protecting yourself…

While this isn’t a new type of phishing attempt, it seems to have picked up quite a bit of momentum in recent weeks. Essentially, the email poses as an official message from the App Store containing information about a new subscription agreement.

The email seen here depicts a YouTube Red subscription with a 1-month free trial and subsequent $144.99 per month renewal rate. The goal of that outrageous monthly is seemingly to entice people to click the “Cancel Subscription” link.

Clicking that link takes you to a page where the hacker wants to know information such as your Apple ID login, credit card details, or other private information. The information requested varies by the hacker, but Apple itself would never ask for this information over email.

There are obvious red flags with this email, though it is a pretty convincing fake. In the screenshot below, the YouTube TV Subscription Confirmation email is legit, where as the YouTube Red one is a fake. As you can see, the differences are small and would likely fool the average user.