Credit in my wife’s App Store account was used without her authorisation to make in-app purchases elsewhere in the world on a device that she does not have. How can this happen?
On Wednesday morning she woke to find an email from Apple suggesting that she change her password as there were some suspicious purchases on her account. She then saw six invoice/receipts for in-app purchases in an app called Airplane Chef which she has never purchased. She had $76 in store credit and these unauthorised purchases used all but $1 of it. The credit card attached to her account was not used. She changed her password, deleted the credit card and requested a refund which Apple have denied. How could this happen? Isn’t 2-factor authorisation meant to prevent this? And why would Apple deny a refund?
Can anyone here shed any light on this?
Check which devices are on your wife’s Apple Account (Apple ID), and/or any separate Apple Accounts used for purchases. If she’s on a Family plan, also check all other Apple Accounts associated with the plan. Look for and remove any devices that you don’t recognize.
Is she sure that that email actually came from Apple? Did she follow any links in the message? That’s a strange thing for Apple to ask a user to do as opposed to, say, rejecting the suspicious purchases.
I’m seeing a lot of phishing emails thanking me for having bought something expensive from a well-known merchant and asking me to phone a number in the email if there was a problem. The sender on the email typically is from the vendor, but if you look closely at the email, you will find it comes from someone else. Don’t call the phone number; it takes you to a scammer. Geoff’s case may not be this kind of phish if the fake sales show up in your Apple account.
The email, definitely from Apple, was alerting her that a new device had used her account and if this was not her to change her password. No family plan and no unrecognised devices attached to her account. The Apple email said the purchases were made from the USA; she has never been to the USA.
But even if the thieves somehow obtained her account details, how could they bypass 2FA? The only thought I have had is that in years past we have used foreign SIM cards when travelling. Might one of those numbers have been still linked to her account? No extra phone numbers visible now though.