iTunes users targeted with £20 purchase refund scam - how to protect yourself

Telegraph Reporters and Cara McGoogan 29 July 2016 • 10:28am

iPod in front of iTunes screen — The scam email tells Apple customers they have spent over £20 on one song

Apple's iTunes customers are being warned to delete "scam" emails that are being sent to some customers claiming they have been charged more than £20 to download a song.

Reports have surfaced on social media of iTunes users receiving an email claiming to be from Apple, detailing an alleged recent song purchase from the iTunes Store that costs £23.34.

However, the aim appears to be to encourage them to click a link within the email to 'cancel and manage subscriptions', but in fact leads to a fraudulent website that asks users to enter their personal details.

Clever #phishing email: a fake iTunes invoice. The "cancel this purchase" link asks you to login to steal your creds pic.twitter.com/2gNlPETxzr
— Pwn All The Things (@pwnallthethings) July 23, 2016

Apple customers have also reported receiving emails claiming to be from iTunes that include a bill for Netflix.

Just had a very real looking FAKE email from iTunes trying to charge me £35.99 for netflix. Don't get scammed people!
— Rebecca Barrett (@beccabarrettuk) July 18, 2016

This type of online scam is known as 'phishing' and traps people by luring them into handing over personal details to what they believe are genuine correspondence from companies.

Recent phishing scams include a realistic internet service provider scam and an iCloud text message one.

How to protect yourself

The best way to protect yourself from the scam is by deleting suspicious emails and making sure you don't click on any links if you're uncertain about the source. Signs to look out for include attachments and links to non-Apple websites.

"Email messages that contain attachments or links to non-Apple websites are from sources other than Apple, although they may appear to be from the iTunes Store. Most often, these attachments are malicious and should not be opened. You should never enter your Apple account information on any non-Apple website," advised Apple.

Apple will never ask its customers to provide personal information or payment details, including credit card numbers and passwords, in an email or text message.

Fake emails can also contain tell-tale signs such as spelling mistakes and grammatical errors. If you are uncertain whether a text message or email is fake, call the company in question using a number on their website. Never call a phone number included in a suspicious message.

To shore up your safety online, when you receive an email asking you to check your account manually type the company's website into your browser rather than clicking on a link, which could take you to a fake version of the site.

"In general, all account-related activities will take place in the iTunes application directly, not through a web browser," said Apple's guidelines. "If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on Apple.com, such as the online Apple Store."

I already clicked on the link, what should I do?

If you think you may have fallen victim to the scam, contact your Apple and Action Fraud immediately. Depending on what information you believe you have shared with the scammers, you should change your passwords and contact your bank.