How could a scammer know the apps on my phone / iTunes account?

It's a game of probability and chances are high that you might have one of the most popular apps in history installed on your device.

My guess is that the scammer does not know anything about you. The app in question is widely popular and one of the most successful apps on both iOS and Android. An attacker may just send out large amounts of mails containing such "most probable apps"/"best guesses". It would have been the same if the scammer sent an invoice for WhatsApp, which you most probably have installed on your device.

This tactic can also be observed in other recent spam waves like the notorious sextorion scam where the attacker sends a rather ominous remark about your porn preferences:

i installed a software on the adult videos (pornographic material) web-site [...] 1st part displays the video you were viewing (you’ve got a nice taste haha)

So to sum it up, this is most likely just a wild, but very probable guess, and you are not compromised. Countermeasures in this case: delete the email, go catch some Pokémon and have fun.

Pokemon Go is a very popular app. I would not be surprised if that email was being scatter-gunned to see who might panic and do what the phishing email wants. The other possibilities include:

  • Niantic (the devs of Pokemon Go) has been compromised - not very likely
  • The providers of another app on your phone have detected you use it and have sold that info onto someone else.
  • The attackers know either you have a Pokemon Go or an Apple account - not necessarily both.
  • You yourself provided that information somewhere
  • Another one of your accounts, where you have used your email address and talked about Pokemon Go on iPhone, has been compromised

Former Apple Inc. employee here. I have seen some shady stuff on people's phones and what you're experiencing isn't new--I have received the same emails. That's how they phish people. They get receivers of the email to contact them, then try to dispute the charge, unknowingly giving over private information to help "resolve" the issue. If your account has been compromised, they can see your app purchases. Purchases include free downloads. Here's what I'd suggest to check:

  1. Firstly, check the email address from the email. If it's non-Apple, dismiss it.
  2. Check the devices associated with your phone. Settings>Your Name(top). There, if you scroll down, you should see a list of your Apple Devices. If you do not recognize one. You may have someone signed in to your account.
  3. Check your "Family Sharing" tab. If you are a part of a family you shouldn't be, you may be compromised. (Settings>Your Name>Family Sharing)
  4. Check to see if there is a "Profile" on your phone. This is popular with business phones to monitor employees, but some people use this maliciously. (Settings>General ... scroll and look for something that may not belong).
  5. This one is tricky, make sure when you're connected to wifi, you're on a known secure network. Users often join networks to save their data, but I personally have known people to travel with a hotspot in populated areas to get people to connect to it. From there, they can find a way to mess with your device or information. Same goes with connecting to those free chargers in public spaces, like at airports -- be very wary.

Hope this helps someone