No matter where you are on the internet, you need to be on the lookout for scams — and that includes Apple's App Store. Scams aren't common on the App Store because all apps are reviewed by Apple before they're posted, but crafty scammers are always looking for new ways to fool you. The latest scam tricks you into making expensive purchases with Touch ID on your iPhone or iPad.
Touch ID is designed to keep our data safe by requiring a fingerprint scan to unlock our phones or access secure apps. Unlike a password, which can be stolen or guessed, only we have access to our fingerprints. But even though Touch ID adds extra security to our iPhones, it can be abused by fraudulent apps.
In this case, two fitness apps — Fitness Balance and Calories Tracker — asked you to put your finger on the Touch ID scanner to view personalized recommendations. Since we use Touch ID all the time on our iPhones, it's almost habit to tap our finger to the scanner when asked, and this scam takes advantage of that. When you activated Touch ID, the app would bring up an in-app purchase for $100 or more. By default, the App Store uses Touch ID to confirm purchases on devices that have Touch ID and having your finger on the scanner when the purchase option came up meant the money was usually spent before you had a chance to react.
These two apps have been pulled from the App Store, but they're a lesson that you always need to be wary of scams. This isn't a hack or an exploit — it's just scammers tricking us into handing over our cash. While these apps looked legitimate, the first warning sign was that they asked for a fingerprint to show innocuous information like diet tips. On your iPhone, Touch ID is used to secure banking apps and passwords. An app locking all of its content behind a fingerprint scan should set off warning bells. Fraudulent websites use the same trick by presenting us with a site that looks just legitimate enough that we enter our passwords without thinking. When an app or website asks you for your fingerprint or password, stop to consider whether this is information that should be secured — if not, it could be a scam.
Fortunately, if you've fallen for a scam like this it's simple to report it to Apple and get your money back:
- Go to reportaproblem.apple.com and log in with your Apple ID.
- You should see a list of recent purchases. Scroll or search to find the fraudulent purchase.
- Click "Report" and follow the prompts to explain what happened.
You can submit reports on anything you've purchased from Apple within the last 90 days. Once you've sent in the report, you should hear back from Apple in a day or two.
There has also be a rise in phishing scams that involve someone claiming to be from Apple Support telling you that your Apple ID has been hacked and threatening to close your account. When something seems amiss, check for typos and double check where the email is actually coming from.