Emails claiming to come from Apple are being sent to English-speaking users to lure them into giving away their financial data, Bitdefender warns.

Attackers ask unsuspecting users to review their billing information in a well-crafted message.

Once they click on the “Reset now” link, the login screen asks them to enter their Apple ID and password. Next, users are asked to fill in account information, including credit card number, CVV and expiration date.

After completing the form, a message reassures them the account has been secured using two-factor authentication.

Bitdefender advises users to look for anything out of the ordinary in order to recognize spammy messages and avoid becoming victims of identity theft. In this case, the URL belongs to a domain clearly unrelated to Apple, and the sender’s email address also sparks suspicions.