Apple on guard against fraudulent refund cases after scammers hack into accounts in China

PUBLISHED : Wednesday, 17 October, 2018, 12:59pm
UPDATED : Wednesday, 17 October, 2018, 10:34pm

Apple has advised its Chinese customers to adopt more stringent security measures when making payments with their Apple ID accounts after recent phishing scams resulted in financial losses for several hundred users.

The Cupertino, California-based technology giant also said it has seen a rising number of fraudulent refund cases in China, indicating that some consumers were trying to profit by filing false statements.

Some 700 Chinese users have claimed their Apple IDs were hacked by third parties who made unauthorised payments, resulting in losses of between a few hundred yuan to tens of thousands, the official China Central Television (CCTV) news reported on October 3. Apple only refunded money to a few users while rejecting the claims of the rest, it added.

“Our investigation found a small number of our users’ accounts were accessed through phishing scams where two-factor authentication was not enabled,” Apple said in a statement on Tuesday, two weeks after the CCTV news, without elaborating on the number of users affected.

“We also experienced a rise in false and fraudulent refund claims trying to take advantage of this incident,” Apple said.

The Apple security incident in China comes amid forecasts of challenging sales prospects for its expensive new iPhone in the world’s most populous country. Apple is expected to report lower third quarter sales in China, the world’s largest smartphone market, according to a report from Goldman Sachs on Sunday, which said there were multiple signs of rapidly slowing consumer demand in China.

Apple’s Cook visits world’s most valuable start-up during Beijing trip

Apple offers a number of third-party payment methods, including credit cards, Alipay and WeChat Pay, for purchases made in its app store, while consumers can also opt to make payments without inputting a password when the purchase amount is small. When phishing scammers steal ID information through misleading emails or links, they can steal money using mobile payment apps linked to Apple accounts if the user has disabled two-factor authentication.

Apple is proactively identifying suspicious activities and reaching out to affected customers, and strongly advise all users to enable two-factor authentication, which prevents unauthorised access to their accounts.

“We have taken several actions to protect our customers and have prevented a significant number of fraudulent transactions. For example, we are rejecting riskier orders by challenging recently altered accounts attempting to make purchases. We have already seen a dramatic reduction in those issues because of our continued efforts,” Apple said in the statement.

Alipay, the mobile payment service operated by Ant Financial Services, has advised its users who have linked their Apple identities to any payment services, including Tencent Holdings’ WePay, to lower transaction limits to prevent further losses, according to an Alipay statement on its Sina Weibo account on October 10.

Ant Financial is affiliated with Alibaba Group Holding, parent company of the South China Morning Post.