APPLE Pay users are being targeted by a phishing campaign that starts with a convincing email bearing Apple branding and a case ID, timestamp and urgent warnings about a fraudulent charge. The email sometimes includes a calendar appointment and a phone number to call, and the display name and formatting mimic legitimate receipts.
After the call is made, the agent identifies as part of Apple’s fraud department and solicits details such as Apple ID verification codes and payment information, guiding the victim through checking bank and Apple Pay cards and even suggesting temporarily securing payment methods while the “Apple team” investigates. The scam uses a scripted approach to extract login codes and payment data, with attackers able to bypass two‑factor authentication by harvesting the verification code in real time.
Examples submitted to Malwarebytes Scam Guard include an Apple Gift Card purchase for $279.99 and a fake Apple Store receipt for $1,157.07, each with a phone number to call. Malwarebytes notes that Apple does not set up fraud appointments by email or ask users to call numbers in unsolicited messages.