You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Fraudulent account set up using one of my non apple email addresses

Someone, I believe in China, has set up an Apple ID using one of my other email addresses. I can't get onto this account because the security questions are asked in Chinese script. I have been to Apple Help but they can't help. What I'd like to do is somehow shut this account because it is using my main personal email address (which hasn't been hacked and I've twice changed the password) so I have all sorts of things - non apple - attached to this account.

Does anyone know who I can go to for help to shut this fraudulent account please?

Posted on Nov 6, 2024 8:17 AM

Reply
6 replies

Nov 6, 2024 9:41 AM in response to susannah37

Just a couple of points:

  • A person cannot create an Apple ID without verifying a code sent to that email address, so they would need access to your email account to retrieve that code.
  • Yes Temu is problematic and you can expect many phishing attempts to that email address used. I assume you did not use the same password on that site that you have used previously for another service. If so, that other service may be in jeopardy. I would also recommend to never provide TEMU any financial information.

Nov 6, 2024 10:26 AM in response to susannah37

susannah37 wrote:

This is the point that I’ve spoken to Apple about because there is no way my email address has been hacked, I can find no evidence of this. I believe they set up an account using my email address as the secondary and then swopped them round using security questions rather than email validation. This is a gaping hole in Apple’s security.
I used an Apple generated strong password for Temu.

Even setting up a secondary email address requires a validation email:

About your Apple Account email addresses - Apple Support


There is not a way to bypass this email validation, such as answering security questions. Users are instructed to just check their junk mail, resend code, or contact your email provider.

If you didn’t receive your verification or reset email - Apple Support


Glad you used a separate password for your TEMU account, I would still be wary of any financial accounts being entered.


Sorry I could not be more helpful. You may want to check if that email address has been leaked in any of the known data breaches. I understand the hesitancy of wanting to enter your email address into a site when you are already concerned about it, but this site has been used by many people for a very long time. If your email provider pops up there or any site where you happened to use the same password, then there is the answer.

https://haveibeenpwned.com

Nov 6, 2024 8:47 AM in response to susannah37

It is not unusual for an email provider to reuse an email address after the original owner closes the account. Someone may have used that email as an Apple ID before the provider reissued it to you.


The good news is that it will not be tied to your Apple ID at all, but you will not be able to access the Apple ID that uses your personal email address to make any changes.


For example, I can have an email account at me@xyz.com and create an Apple ID with it and then can close my email account with that provider and continue to use it as an Apple ID. There is no requirement that the Apple ID email address must remain active. You then request the same email at me@xyz.com from your email provider and it is now available, You won't be able to access the Apple ID that used it previously or even create your own Apple ID using that email address.


If you could access that account it would be a huge security failure. Think about it in reverse, if you changed email providers and someone scooped up your previous address and had access to your Apple ID that used it.

Nov 6, 2024 9:19 AM in response to Mac Jim ID

This is what's so strange. I have had the email address for more than 25 years so it's incredibly unlikely that someone else had the address before me. It's a very idiosychratic address, to be honest. The fact that they have set up an account very recently is a massive security failure in itself. I can't work out how they have done it but any changes they make are linked to a second email address which I can only see a part of. More than anything it's unnerving because I continue to receive emails from apple about changes to the password and other things on that account. Sometimes in English and sometimes in Chinese. The account was created 1 week after I stupidly signed up with Temu using that address!!

Nov 6, 2024 9:53 AM in response to Mac Jim ID

This is the point that I’ve spoken to Apple about because there is no way my email address has been hacked, I can find no evidence of this. I believe they set up an account using my email address as the secondary and then swopped them round using security questions rather than email validation. This is a gaping hole in Apple’s security.

I used an Apple generated strong password for Temu.

Fraudulent account set up using one of my non apple email addresses

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.