The first rule of thumb is to never enter your iTunes Store account information in any website that is not Apple's and to never open any attachments from email addresses that are unknown to you, even if the email looks like it could be from Apple.
If you think you may have received a phishing attack via email, you can alert Apple using this email address: firstname.lastname@example.org.
As more and more people switch to iPhone and other Apple mobile products, these phishing attacks are likely to get more prevalent. The key to protecting your iTunes Store account, as with many online accounts, is password security. If you find that you can no longer log in to your account, or if you receive email invoices for purchases from the iTunes Store that you did not make, follow these steps:
- Go to Apple's iForgot website. iForgot will allow you to reset your account information to regain control of your account. When choosing a password, following simple rules can help you choose a safe and difficult to crack password. First, choose something that does not appear in a dictionary (using numbers to replace letters in a word and adding unique characters, such as exclamation points or question marks can greatly increase security) and be sure that your iTunes Store password is not shared with any of your other online accounts.
- Let your financial institution associated with your iTunes Store account know about the fraudulent charges.
- If you are unable to get access to your account using iForgot or if unauthorized charges on your account were made using an iTunes Store credit, contact iTunes Store Support immediately.
More tips to keeping your account secure
Always log out of your iTunes Store account after you complete your purchases. Many accounts are compromised because a user leaves their information logged on to a publicly accessible computer. Logging out prevents would-be wrong-doers from gaining access to your account. As mentioned above, use a different password for each of your online accounts. Of course, with the amount of websites that require password authentication this may seem nearly impossible. Try using applications like 1Password on the Mac to help manage your security.
You should also be careful how you share your password. The best process for this? Don't do it. Keeping your password to yourself is the best way to ensure no one else will be able to access your account. The same can be said for the secret question security provision (when signing up for an iTunes Store account). Be sure the answer is only something you will know. You should also get in the habit of changing your passwords. Try setting a calendar event to remind you every couple months.