Whenever you receive an email that’s allegedly from a company, but it’s asking you to click a link and confirm some piece of information said company should already be very familiar with, you have every right to be skeptical. In fact, you should be very skeptical; common sense is your best, first defense against phishing attempts.
If you’ve been one of the people who was given early access to the Apple Card, you might have received a strange-sounding email from Apple asking you to verify your Apple ID before you can proceed with an application. You’ve probably never gotten this kind of an email from Apple before, especially if the company sent it to the email address you used to sign up for notifications about the Apple Card.
The email reads:
“You wanted to be one of the first to get Apple Card — a new kind of credit card created by Apple, not a bank. Good news: Here’s your chance to experience Apple Card before everybody else, so you can help us get ready for the public launch. Your early access invitation is waiting, but we need your Apple ID to send it. The email address you provided does not match an Apple ID signed in to iCloud. Just complete a few simple steps so we can send your invitation.”
It goes on to ask you to look up the Apple ID you’re using on your iPhone, and then enter that email address using the “Notify Me” button on the Apple Card website.
In this case, your skepticism—though valid—is unwarranted. This is actually a legitimate email from Apple, even though you might be receiving it in error. If it’s going to the primary email address you use for your Apple ID, then there’s no reason why Apple needs to confirm the email address you provided, as you likely used this exact email address when signing up for notifications about the Apple Card. Nevertheless, you’ll have to click or tap the “Notify Me” button and enter your Apple ID again if you want to start the process of signing up for the Apple Card.
Maintain your vigilance against phishing emails
Don’t let this little oops on Apple’s part make you lazy about these kinds of emails going forward. When a company asks you (out of the blue) to confirm information it already has:
- Check the sender’s email address. Make sure it’s not coming from some wacky subdomain (like apple.totallylegit.net) that might otherwise make it appear authentic at a quick glance.
- Consider typing any URLs mentioned in the email into your browser, rather than clicking on the hyperlink—in case an email is trying to phish you by assuming you won’t notice a fake URL in the address bar after you click on a link.
- Always check the address bar when you click on a link in an email. Ask yourself: Is this really the company or legitimate website you’re trying to reach? Don’t get fooled by shortened URLs or dummy characters, like when someone uses an “I” or a “1″ instead of an “l.”
- Don’t open attachments you weren’t expecting to receive.
- When in doubt, contact a company directly— either via an email you send directly to their customer support, an online chat, or a phone call. They’ll be able to confirm whether any emailed requests are legitimate or not.