Skip to main content

Remove / fake email scam

Beware of scam emails that appear to come from or and entice Apple customers into clicking a malicious link.

Numerous users of Apple products are being targeted by a new round of scam emails that stand out from the crowd in terms of their credibility. The goal of this campaign is fairly prosaic – to wheedle out people’s sensitive credentials, but the implementation is somewhat intricate. The target individuals are receiving emails that, upon superficial inspection, seem to come from the legit sender. These messages are designed to resemble an automatically generated receipt for a purchase that the victim never actually made. The item that the recipient allegedly paid for is some sort of a service subscription or VIP membership, the amount withdrawn from their account usually being $12.99. To make the hoax look more true-to-life, the email provides extra details such as the date of the transaction and the 9-digit Apple Store order number. This information is a smokescreen that grabs the user’s attention and encourages them to learn more, given that, again, they never bought the item listed in the message.

Fake order notification pretending to come from

THaving taken a closer look at the email, though, an attentive user will spot a few giveaways that indicate how misleading it is. First off, the actual email address of the sender is or Obviously, there is a mismatch between these addresses and The long string denoting the full domain is something people might overlook, so they perceive the encounter as if it were actually initiated by the Apple Store service. Speaking of the recent wave of these scam emails, one more telltale sign of their fishy nature is that they mentioned April 31, 2019 as the deadline for cancelling the order. Well, the crooks should consider using the calendar to see if the date even exists or not. Below is the text of the fraudulent message in question (date and order number omitted):

“Thank you for your purchase,

Here’s a receipt for your purchase:

Order number:

Order date:

Item name: Tantan – Member VIP

Item price: $12.99 USD

Payment method: iOS App Store (Debit / Credit Card)

Platform: iPhone XR

Amount charged: $12.99 USD

You can view the details of this purchase transaction or cancel this transaction until 12:01 UTC on April 31, 2019.”

The pivot point of the email hoax is the link that says, “Cancel This Purchase”. This is exactly what the average user will want to do after finding out that they have been billed for something they didn’t buy. However, by following that link the victim is redirected to a replica of the login page for the legit Apple service. It doesn’t take a genius to understand what happens to the username and password if entered on the fake authentication screen. The criminals behind this fraud will get unrestricted access to the person’s Apple account and all personal details, including payment information.

Counterfeit order receipt in scam email

It’s noteworthy that the users receiving the fake notifications have been also reporting dodgy messages from These ones are also camouflaged as order receipts for some item that the victim didn’t actually purchase. In this case, though, it’s claimed to be for “App Store & iTunes Gift Card by Email – Birthday”. The order total is higher than in the above scenario ($50), so the recipient is even more likely to search headlong for an option to cancel it. Having found and clicked on the appropriate link in the Questions section underneath the main message, the victim is forwarded to a bogus login form similar to the one used in the previously described fraud. The aftermath is the same – the victim’s sensitive information ends up in the felons’ hands.

There are a few serious caveats to these scam campaigns, aside from the apparent risk of identity theft. First of all, the fact that the phony message reaches one’s inbox probably means that the perpetrators know the user’s email address. Where from? It’s within the realms of possibility that the person’s Apple device was compromised in the past, or their confidential data was leaked as a result of a breach incurred by a service they used. To top it all off, the links to cancel the inexistent order may lead to a drive-by malware download that takes place behind the victim’s back. One way or another, it might not be enough to simply refrain from filling out Apple credentials on the linked-to counterfeit landing page. It’s also worthwhile to check the device for malicious code that may be spilling private information or causing other adverse effects.

Get rid of / scam virus using Combo Cleaner removal tool

The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove The scam virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.

Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the The scam issue using Combo Cleaner:

  1. Download Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.

    Download Combo Cleaner

    By downloading any applications recommended on this website you agree to our Terms and Conditions and Privacy Policy. The free scanner checks whether your Mac is infected. To get rid of malware, you need to purchase the Premium version of Combo Cleaner.

  2. Open the app from your Launchpad and let it run an update of the malware signature database to make sure it can identify the latest threats.
  3. Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.

    Combo Cleaner Mac scan progress

  4. Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).

    Combo Cleaner scan report – no threats found

  5. In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove The scam threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.

    Combo Cleaner – threats found

  6. Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in