Cybersecurity experts are warning iPhone users about a new email scam that targets Apple customers by attempting to steal banking information. The messages claim recipients must immediately address a high-dollar Apple Pay purchase at a physical Apple Store. Recipients are instructed to call a phone number or attend an appointment to resolve the alleged issue. When contacted, victims are connected to individuals posing as Apple Support representatives who attempt to obtain Apple IDs, verification codes, or payment information. Some emails include case IDs, timestamps, and other details designed to make the messages appear legitimate. The sender's email address does not originate from an official Apple domain, even when the display name looks authentic.
Technical Inconsistencies Indicate Emails Are Fraudulent
Technical inconsistencies, such as impossible IP addresses and awkward greetings like 'Hello {Name},' further indicate the messages are fraudulent. Online searches of the included phone numbers often return unrelated results, such as public health or addiction support pages, rather than Apple support contacts. The scam has been shared on an Apple forum, with one user posting the details. 'I received the email below today, 1/28/26 at 10:12 L, and am certain it is a scam. I am hoping this post gets to APPLE and that they can follow up,' the Apple user wrote. 'I've checked my Apple Wallet, and zip shows up re the supposed charge of $623. I have not clicked on any links or phoned the number provided. Is this widespread?' Apple never schedules fraud-related appointments via email, nor does it instruct users to resolve billing issues by calling phone numbers provided in unsolicited messages.
These red flags strongly suggest the scam is part of a broader operation, rather than a legitimate Apple communication. Official Apple support numbers always direct users to Apple-owned domains and verified help pages. The emails exploit urgency, warning that immediate action is required to prevent account misuse, Apple Insider reported. Genuine Apple communications do not pressure recipients into rapid responses or threaten sudden account lockouts. Apple's massive user base and trusted brand make it a frequent target for impersonation, and scammers know that large-dollar Apple Pay alerts trigger fear. Phishing attacks succeed not because of technical vulnerabilities, but by preying on human instincts, coaxing users into revealing sensitive information under the guise of legitimacy.
Users Urged to Stay Alert and Update Devices
Recipients should be vigilant and verify any suspicious messages by checking sender details and contacting Apple directly through official channels. Users can report fraudulent emails to Apple at reportphishing@apple.com and should never share verification codes, passwords, or payment information with unverified contacts. Apple issued another warning this week, alerting iPhone users they are at risk of 'mercenary spyware attacks' threatening to steal data without them even clicking on a suspicious link. The tech giant said the threat stems from the vast majority of users not updating to the latest version of their phone software, known as iOS 26. The patch includes advanced security upgrades for the latest vulnerabilities that hackers have allegedly been using in real-world attacks. Specifically, they've exploited sneaky flaws in the part of the iPhone that handles web browsing, called WebKit.
WebKit is the engine that powers Safari and other apps on the iPhone. However, the weak points in older iPhone operating systems let hackers run harmful code on a target's phone just by tricking it into loading corrupted web content. These are often called 'zero-click' attacks because they don't rely on the victims opening a suspicious email or clicking on malicious links once they're in the system. Apple confirmed on its support pages that these issues with older iPhone software packages were exploited in highly targeted, sophisticated spyware campaigns mainly aimed at journalists, activists, or politicians. However, the company warned that these mercenary attacks were 'global and ongoing,' meaning the roughly one billion iPhone users not using a version of iOS 26 are at risk of cyberattack, including ones that users can't see coming. Apple said that the remedy is to download either the iOS 26 or iOS 26.2 operating system updates and then restart the iPhone immediately to potentially clear out any hidden malware.