As a rule of thumb, take everything you read online with a grain of salt, including every account security email from Apple. If you’re not careful, you could be serving your Apple account right into a phisher’s hands.

Remember that any cyber criminal would love to get their hands on your account info, especially your Apple ID. Your Apple ID, after all, is a link to all your Apple devices as well as access to your passwords, purchased content, and even credit card information.

So if you recently got an email on your iPhone from Apple iMessages saying your username and password had been used to suspiciously log into an iPhone 6… tread carefully. It could very well be bait to lure you into giving away your Apple ID or clicking on malicious links.

Telltale Signs of Phishing

You’re probably no stranger to phishing scams. In fact, you’ve probably received an email or two from supposedly legitimate organizations/contacts/companies trying to procure log-in info from you. Although there are several ways by which you can receive such messages, your email and iMessage are where you typically find them.

How can you determine if an Apple email is legit or not? To the untrained eye, it can be difficult to tell an official one apart from those made for phishing. Keep in mind that online crooks have spent years mimicking official Apple emails to a point where you can’t always trust messages simply because they’re branded with Apple logos.

Look for other clues, instead. For instance, be wary of an email asking you to reset your password even when you haven’t recently prompted Apple to do so. Raise another red flag if the email asks you to log in from a link.

Try hovering your cursor over links in the email. This should reveal their real destination so you know where you’ll be redirected when you click on them. The links should point to the “apple.com” domain or any official domain you’ve signed up with. Otherwise, don’t let your guard down.

More importantly, examine the email headers and see where the message was sent from. Check whether the return address says it’s from Apple or any of its related services. See if the sender is from Apple, too, by tapping the sender’s name in the message header. The next screen will show you the sender’s actual address. Get ready to take the necessary action in case the sender isn’t from Apple.
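The link and sender checks described above can also be run over a saved message. The following Python is an added example, not part of the original article; the sample message, its `example.net` addresses and the function names are constructed for illustration. It flags any sender address or link destination whose host is not `apple.com` itself or a subdomain of it, which also catches lookalikes that merely contain "apple.com".

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # the domain the article says to look for

def is_trusted_host(host):
    """True only for apple.com itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the real href of every <a> tag, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def review_message(raw):
    """Return findings for sender addresses and link destinations."""
    msg = email.message_from_string(raw)
    findings = []
    for header in ("From", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if not is_trusted_host(addr.rpartition("@")[2]):
            findings.append(f"{header}: {addr or '(missing)'}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        # Judge the destination in href, never the text shown to the reader.
        if not is_trusted_host(urlsplit(href).hostname):
            findings.append(f"link: {href}")
    return findings

# Constructed sample message (not a real email); example.net is a reserved domain.
SAMPLE = """\
From: Apple Support <noreply@apple.com.example.net>
Return-Path: <bounce@example.net>
Subject: Your Apple ID was used to sign in

<p>Visit <a href="https://appleid.apple.com/">appleid.apple.com</a> or
<a href="http://apple.com.example.net/verify">https://appleid.apple.com</a></p>
"""

if __name__ == "__main__":
    print("\n".join(review_message(SAMPLE)))
```

A From address can be forged, so an empty result from this check does not prove that a message is genuine.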

Protect Yourself vs. Phishers and Email Scammers

Got enough evidence that the Apple iMessage email you received came from suspicious folks? In that case, let Apple know. Forward the message to reportphishing@apple.com.

From there, check with your mail provider on how you can create a filter to keep you from receiving any future emails from the suspected online scammer. Afterward, get rid of the phishing emails you have received.

Reclaiming a Hacked Apple ID

Let’s say you clicked on a link in one of those suspected phishing emails. Theoretically, your account should be safe as long as you didn’t input any Apple credentials on dubious websites. If you did and you suddenly lose access to your account, try regaining control of your Apple ID immediately.

For starters, sign in to your Apple ID account page. In case you’re shown a message that the account is locked or you can’t sign in, go to iforgot.apple.com. Once you’re in there, you can reset or unlock your account. If you still can’t sign in, get in touch with Apple Support.

We encourage you to set up two-factor authentication or two-step verification for your Apple ID from here on. Do this after you have updated and reviewed the personal and security info in your account. Those two measures should prevent anyone from accessing your account, even if they got a hold of your password.

To know more about how to deal with suspicious emails, check out Apple’s tips on dealing with phishing.

While no phishing ploys can readily pass the scrutiny of an iOS power user, they may easily fool newbie Mac-heads. And if you’re just moving from PC to Mac, the tips we’ve shared should keep you from being fooled into biting the proverbial poisoned apple.