Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Phishing Scam – 'Apple ID Used to Download OS X Mavericks' Email


Email purporting to be from the Apple Security Department warns recipients that their Apple ID was used to download OS X Mavericks and urges them to open an attached file to confirm their accounts if they did not initiate the download.

Facebook phising
© fotoscool

Brief Analysis

The email is not from Apple. It is a phishing scam designed to trick users into giving their Apple account login details and financial information to criminals. The attached file contains a bogus HTML form that requests account and credit card details.


Dear Apple Customer,

Your Apple ID, was just used to download OS X Mavericks from the Mac App
Store on a computer or device that had not previously been associated with
that Apple ID.

This download was initiated from Spain.

If you initiated this download, you can disregard this email. It was only
sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, you have to confirm your account and
validate your informations, so we recommend you to :

1- Download the attached document and open it in a secure browser.
2- Follow the verification process to protect your account.

Your sincerely.

Apple Security Department.
Apple Support

Detailed Analysis

This email, which purports to be from Apple's Security Department, warns recipients that their account was used to download a copy of OSX Mavericks from a computer or device not previously associated with their Apple ID.

The message claims that the download was initiated from Spain. It suggests that, if recipients did not initiate the download, they should open an attached file to confirm their account and validate their 'informations'.

However, the email is not from Apple and the warning about an unauthorized download is designed to trick people into opening the attached file. The attachment contains a HTML form that lodes in the user's browser when opened. The bogus form first asks for the user's Apple account login details. It then asks for ID and credit card information, ostensibly so that the user's account can be verified and 'protected'.

All the information submitted on the fake from can be harvested by criminals and used to hijack the real Apple accounts belonging to victims. The criminals may also conduct fraudulent credit card transactions and try to steal the identities of victims.

The scammers responsible for the email hope that at least a few recipients will be panicked into opening the attachment and supplying the requested information in the mistaken belief that their Apple ID has been compromised.

Like other high profile companies, Apple is almost continually targeted in phishing campaigns. Apple will never send you an unsolicited email that asks you to login and verify account details by clicking a link or opening an attached file.

Last updated: February 19, 2014
First published: February 19, 2014
Written by Brett M. Christensen
About Hoax-Slayer

Phishing Scams - Anti-Phishing Information