Apple ID Phish Goes Horribly Wrong

Beware scams in the wake of the App Store slip-up

Mac users began to have problems opening apps downloaded from the App Store Wednesday morning. This caused messages that the apps were damaged and would need to be re-downloaded from the App Store.

It turned out that the problem was an expired cryptographic certificate at Apple, used to verify the legitimacy of these apps. Apple didn’t renew it in time, and when it expired, App Store apps failed. Some people (like me) never even noticed, as the certificate was quickly renewed, and the problem didn’t affect all apps. Still, the problem really shouldn’t have happened in the first place.

However, some people are reporting seeing requests for their Apple ID in the wake of this issue:

App Store cert expiration

Such requests are legitimate. However, this leads me to wonder: how long will it be before the bad guys start spoofing a similar message via scam websites, in a variation of the tech support scams that have become so common these days.

Worse, my personal experience tells me that people are often unsure of the source of these kinds of messages, and are easily fooled when such a message is displayed by the web browser rather than OS X.

So, my advice to anyone seeing such a message is to take note of the app mentioned in the message, then cancel the message to get rid of it. Then, some users are reporting that a reboot is necessary to get things working, so restart your computer.

After rebooting, go to the App Store and verify that you are signed in. (If there is a Sign In item in the Store menu, choose it to sign in. If the item says Sign Out, you’re already signed in.)

Once you’re signed in, go to your Applications folder and delete the app in question. Next, go back to the App Store and click the Purchased tab, then download the app again.

Remember, guard your Apple ID password carefully! It is the key to all of your Apple services and devices, and you definitely do not want it falling into the wrong hands. Further, if you haven’t done so already, it would also be very wise to enable two-factor verification on your Apple ID.


Thomas Reed

Director of Mac & Mobile

Had a Mac before it was cool to have Macs. Self-trained Apple security expert. Amateur photographer.