The phrase “canaries in the coal mine” refer to the practice years ago of bringing canaries into coal mines because they were sensitive to small amounts of dangerous carbon dioxide and were useful in recognizing early the presence of dangerous carbon dioxide.  So it is with your Apple iTunes account when it comes to identity theft.  Often identity thieves will test out stolen credit and debit cards by using the cards for minor purchases on iTunes to see if the stolen credit or debit card information was for active accounts and if the card owners were vigilant in monitoring their accounts.


There are a number of lessons to be learned from this scam.  First you should regularly monitor all of your accounts where you make purchases both large and small.  For iTunes, you should check your history of purchases.  Here is a link from Apple that explains how to do this.    It is important to remember, however, that if you have a Family Sharing plan you will only be able to see specific information about charges made with your own personal Apple ID.  Other family members will have to check their own accounts for information about purchases made in their names.  If you find fraudulent charges, someone has either compromised your account and used the credit card or debit card tied to your account to make iTunes purchases or they have made other charges that have been made to appear as iTunes charges.  Either way, you will need to dispute the charges with your credit card issuer or  the bank that issued your debit card, which leads to the next piece of advice.  If your credit card is used for fraudulent purchases, the law limits your liability to no more than $50 and most credit card issuers don’t charge you anything for fraudulent purchases.  However, debit cards are tied directly to your bank account and if you are not vigilant in spotting fraudulent charges, you run the risk of losing your entire bank account which is why I always advice you to never use your debit card for anything other than an ATM card.

If your iTunes account is hacked you also will need to change the password on your account.  Again, it is important to use strong, separate and distinct passwords for all of your online accounts so that if somehow the security of your password is compromised, such as in a data breach, the rest of your accounts are not in jeopardy.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”