Scam - "Your Apple ID has just been used to purchase..." - How to remove

If you received an email about a purchase of an item in the Apple App Store, iTunes, or elsewhere with your Apple ID, but you did not make that purchase, then the email may be fake.

Malicious actors sometimes use fake emails to spread malicious links and files. If the email you received has an attachment or a link that it instructs you to open, be careful: it could be malicious.

This email might start with the words “Your Apple ID has just been used to purchase…” or it could have other text. It could be a calendar even or even a notification pop-up.

About the App Store purchase scam:

Threat type Scam,


How the App Store purchase scam works An email is sent to you about a purchase made with your Apple ID,

it asks you to log in to your Apple account,

provided is a fake login form that sends all submitted credentials to scammers.

Dangers posed by the scam Stolen credentials and other private information that could be used to steal your account.
How to avoid scam emails Familiarize yourself with legitimate Apple emails and with the techniques that scammers use,

use 2FA to improve the security of your account,

use anti-malware tools (Combo Cleaner, Malwarebytes, and others) to protect yourself from malware and from malicious websites.

How the purchase scam works

Malicious emails designed to look like real App Store updates

Cyber-criminals and scammers have been focusing a lot on Mac and iOS users. They use adware, spyware, and other malicious applications to take advantage of people. They also use malicious emails, such as Apple ID locked and Account Suspended, to try and steal the login details and personal information of Mac users.

Another type of email scam is one that sends a supposed receipt of a potentially unauthorized App Store purchase:

  1. An email comes to your inbox thanking you for a recent purchase.
  2. The email claims to be from Apple, App Store, iCloud, or another Apple product.
  3. It says that your Apple ID was used to make a purchase and that the purchase was made on a device that you haven’t used before.
  4. Usually, the purchase featured in these emails is for in-game currency in mobile games, often between $10 and $100.
  5. The email may have a receipt as an attached file. Somewhere in the email text or in the attached file, there’s a link to cancel this purchase.
  6. The link leads to a website that looks a lot like an Apple site.
  7. This page asks you to type in your Apple credentials: your username, password, maybe even some personal details. This page is the scam; if you fill in the form, it’ll be sent to cybercriminals. If they have your login details, they could abuse them or sell them to other criminals.

Here’s an example of a scam email:

Dear customer,

Your Apple ID has just been used to purchase [app] from the App Store on a computer or a device that had never been associated with that Apple ID.


If you did not make this purchase or you believe an unauthorized person has accessed your account, Please find the document attached to cancel your purchase without delay.

Apple ID

Other versions of the scam emails don’t have a PDF attachment but provide a link to click in order to log in and refund the purchase. The link leads to a facsimile of an iForgot page or another Apple login page.

Old versions of these webpages get labeled as malicious:

An old fake iforgot site is detected by antivirus tools.Unfortunately, new malicious sites aren’t always detected by anti-malware scanners.

Potential dangers of the scam

The good news is that nobody has hacked your devices. The scam email is still just an email – all that the scammers need to send it is your email address. This address could have been leaked by a website ( or even just guessed randomly.

Opening the malicious file or link included in the scam email isn’t necessarily dangerous, either; submitting your credentials is.

If you did reveal your private details to scammers, reset your passwords as soon as possible. Also, check your computer for suspicious browser add-ons and apps and remove any that are suspicious.

"Your Apple ID has just been used to purchase"


How to avoid scams

Apple provides resources on how to avoid scams and how to check if an email is really from Apple.

Check your purchase history. If the purchase described in the email is not in your history, then the email is fake.

It may be beneficial to use anti-malware apps, such as Combo Cleaner, Malwarebytes, and others to block malicious websites and to check that no bad browser add-ons ad apps have been installed. Unfortunately, new malicious sites aren’t always recognized by anti-malware applications.

Most importantly, use 2-factor authentication to protect your Apple account. This way, no one can use your credentials without your involvement.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Leave a Reply

Your email address will not be published. Required fields are marked *