Skip to main content
Remove / fake email scam

Remove / fake email scam

Beware of scam emails that appear to come from or and entice Apple customers into clicking a malicious link.

Numerous users of Apple products are being targeted by a new round of scam emails that stand out from the crowd in terms of their credibility. The goal of this campaign is fairly prosaic – to wheedle out people’s sensitive credentials, but the implementation is somewhat intricate. The target individuals are receiving emails that, upon superficial inspection, seem to come from the legit sender. These messages are designed to resemble an automatically generated receipt for a purchase that the victim never actually made. The item that the recipient allegedly paid for is some sort of a service subscription or VIP membership, the amount withdrawn from their account usually being $12.99. To make the hoax look more true-to-life, the email provides extra details such as the date of the transaction and the 9-digit Apple Store order number. This information is a smokescreen that grabs the user’s attention and encourages them to learn more, given that, again, they never bought the item listed in the message.

THaving taken a closer look at the email, though, an attentive user will spot a few giveaways that indicate how misleading it is. First off, the actual email address of the sender is or Obviously, there is a mismatch between these addresses and The long string denoting the full domain is something people might overlook, so they perceive the encounter as if it were actually initiated by the Apple Store service. Speaking of the recent wave of these scam emails, one more telltale sign of their fishy nature is that they mentioned April 31, 2019 as the deadline for cancelling the order. Well, the crooks should consider using the calendar to see if the date even exists or not. Below is the text of the fraudulent message in question (date and order number omitted):

“Thank you for your purchase,

Here’s a receipt for your purchase:

Order number:

Order date:

Item name: Tantan – Member VIP

Item price: $12.99 USD

Payment method: iOS App Store (Debit / Credit Card)

Platform: iPhone XR

Amount charged: $12.99 USD

You can view the details of this purchase transaction or cancel this transaction until 12:01 UTC on April 31, 2019.”

The pivot point of the email hoax is the link that says, “Cancel This Purchase”. This is exactly what the average user will want to do after finding out that they have been billed for something they didn’t buy. However, by following that link the victim is redirected to a replica of the login page for the legit Apple service. It doesn’t take a genius to understand what happens to the username and password if entered on the fake authentication screen. The criminals behind this fraud will get unrestricted access to the person’s Apple account and all personal details, including payment information.

It’s noteworthy that the users receiving the fake notifications have been also reporting dodgy messages from These ones are also camouflaged as order receipts for some item that the victim didn’t actually purchase. In this case, though, it’s claimed to be for “App Store & iTunes Gift Card by Email – Birthday”. The order total is higher than in the above scenario ($50), so the recipient is even more likely to search headlong for an option to cancel it. Having found and clicked on the appropriate link in the Questions section underneath the main message, the victim is forwarded to a bogus login form similar to the one used in the previously described fraud. The aftermath is the same – the victim’s sensitive information ends up in the felons’ hands.

There are a few serious caveats to these scam campaigns, aside from the apparent risk of identity theft. First of all, the fact that the phony message reaches one’s inbox probably means that the perpetrators know the user’s email address. Where from? It’s within the realms of possibility that the person’s Apple device was compromised in the past, or their confidential data was leaked as a result of a breach incurred by a service they used. To top it all off, the links to cancel the inexistent order may lead to a drive-by malware download that takes place behind the victim’s back. One way or another, it might not be enough to simply refrain from filling out Apple credentials on the linked-to counterfeit landing page. It’s also worthwhile to check the device for malicious code that may be spilling private information or causing other adverse effects.

Get rid of / scam virus using Freshmac removal tool

When confronted with issues like the scam on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.

This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Mac fraud.

  1. Download Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software

    Download Now

  2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.

  3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.

  4. Check whether the malware problem has been fixed. If it perseveres, go to the Uninstaller option on Freshmac GUI. Locate an entry that appears suspicious, select it and click Fix Safely button to force-uninstall the unwanted application.

  5. Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The scam shouldn’t be causing any further trouble.

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in