Apple users are increasingly becoming victims of a sophisticated phishing scam that exploits the trust users place in Apple’s security systems. In one recent case, Apple user Eric Moret experienced a carefully crafted scam that almost led to the theft of his account information, highlighting the clever tactics scammers use to manipulate Apple customers.
The scam began when Moret received an unexpected text with a two-factor authentication (2FA) code, even though he wasn’t trying to sign into his account. Moments later, he received an automated call from Apple, reading the same 2FA code aloud. This set the stage for a scammer to reach out, posing as an Apple Support agent. The scammer claimed that Moret’s account was under attack and, after confirming a support ticket had been created, walked him through a series of actions to supposedly secure his account.
The scammer was calm and professional, which reassured Moret that everything was legitimate. At one point, Moret was asked to reset his iCloud password but was never directly asked to provide the new password. However, the scammer did tell him that a text message would follow with a link to “close the case.” The text message led to a phishing website, appeal-apple.com, where Moret was instructed to enter a code to resolve the issue.
This code, however, was a 2FA code, which the scammer used to gain access to Moret’s Apple account. Almost immediately, Moret received an alarming email, telling him that his account had been accessed on a Mac mini—a device he did not own. Realizing the scam, he acted quickly, resetting his iCloud password again, which removed the unauthorized device from his account.
The scam worked so well because the attacker had created a legitimate-looking Apple Support ticket using Moret’s email address, a flaw in Apple’s system that allows anyone to create support tickets on behalf of others without verification. The scammers also cleverly exploited the authentic Apple Support email, lending their scam an air of legitimacy.
Here’s how to protect yourself from similar attacks:
- Don’t Trust Unsolicited Calls: If you receive a call from someone claiming to be from Apple, hang up immediately and call Apple Support directly to verify the claim.
- Never Share 2FA Codes: Never give out 2FA codes over the phone or via text, even if the caller claims to be from Apple. These codes should only be used for logging in yourself.
- Verify Website URLs: Before clicking any link in a text or email, make sure the website’s URL is genuinely from Apple. Be cautious of websites that look like Apple’s but use different domains.
- Use a Hardware Security Key: For extra security, consider using a hardware security key, which requires physical access to your device to complete sign-ins. This is a foolproof way to ensure your account stays safe from phishing.
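The URL check above can be automated. The following Python sketch is an added example, not code from Apple or from the original report; it shows why a link such as the appeal-apple.com address in this case fails a proper hostname check even though it contains "apple.com". The function name, the two-entry allowlist and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an illustrative allowlist, not a complete list of Apple's domains.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")


def is_trusted_link(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    url = url.strip()
    # Browsers treat "\" like "/" in web URLs while urlsplit does not, so
    # "https://evil.example\@apple.com" would be parsed differently by each.
    # Reject such links instead of guessing.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed host, e.g. an unclosed "[" bracket
        return False
    if parts.scheme.lower() != "https":
        return False
    # .hostname drops any "user@" prefix and the port, so
    # "https://apple.com@evil.example" yields "evil.example".
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    # Compare on a label boundary. A plain host.endswith("apple.com") would
    # accept "appeal-apple.com", because that string also ends in "apple.com".
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links; only the appeal-apple.com domain comes from the article.
SAMPLES = [
    "https://support.apple.com/",
    "https://appeal-apple.com/case",
    "https://apple.com.account-check.example/login",
    "https://apple.com@account-check.example/",
    "https://account-check.example\\@apple.com/",
    "http://apple.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted_link(link) else "NOT trusted"
        print(f"{verdict:12} {link}")
```

Only the first sample passes; the others fail on the hostname, the backslash rule or the missing HTTPS scheme.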
By being aware of these scams and taking simple precautions, you can safeguard your Apple account and avoid falling victim to attackers who seek to steal your personal information.