Would you trust an unsolicited call from someone claiming to be from Apple, especially if it seemed to match real alerts from the official Apple website? This is the exact psychological tactic that scammers are exploiting in a recent campaign targeting Apple users, aiming to steal account details and sensitive information.
Eric Moret, an Apple user, found himself at the center of this scam. As he explains in a blog post on Medium, he received a two-factor authentication (2FA) code via text despite not attempting to log into any Apple services. Just a minute later, an automated call from Apple read aloud the same code, alerting him that someone was attempting to break into his account.
Not long after, Moret received a call from an Atlanta number, with the caller claiming to be from Apple Support. They explained that his account was under attack and reassured him that another representative would follow up shortly. Within ten minutes, Moret was on the line with a second person who began guiding him through the process of resetting his iCloud password. The scammer even created a legitimate-looking Apple Support ticket and had Moret confirm it was from an official Apple email, which made the situation appear genuine.
While the caller never asked Moret to provide his new password, the scammer gave him instructions to expect a text with a link to “close the case.” When the link arrived, Moret was directed to a phishing website (appeal-apple.com), which looked like a legitimate Apple domain. There, Moret was prompted to enter a code to finalize the process. The code he entered turned out to be a 2FA verification code that gave the scammers access to his iCloud account.
Immediately, Moret received an alarming email indicating that his account had been accessed on a Mac mini, a device he didn’t own. It was clear that the scammers had gained control of his account, including all his personal files, photos, and emails. Fortunately, Moret reacted quickly, resetting his iCloud password once again. He was able to remove the unauthorized Mac mini from his account and stop the scam in its tracks.
The success of this scam was largely due to the calm and professional demeanor of the scam callers. They did not rush Moret, which would have raised his suspicions. The most dangerous element of the scheme was the authentic-looking Apple Support email, which the scammers created using a flaw in Apple’s system: anyone can generate an Apple Support ticket without verification. This loophole made the scam even more convincing.
To protect yourself from similar attacks, it’s essential to be cautious with unexpected calls, even if they seem to come from Apple. If you receive a call from someone claiming to be from Apple, hang up and call Apple Support directly to verify whether there’s a real issue with your account. Additionally, never share 2FA or verification codes with anyone, regardless of who they claim to be. Always ensure you’re visiting the official Apple website, checking for subtle differences in URLs that may indicate a phishing attempt.
For even stronger security, consider using a hardware security key. This extra layer of protection ensures that even if scammers manage to steal your details, they won’t be able to access your account without physically connecting the key to your device.
