Would you trust a stranger claiming to be from Apple if their call coincided with legitimate alerts coming from Apple’s official website? That sense of authenticity is exactly what scammers are exploiting in an active campaign targeting Apple users and attempting to steal their account credentials.
For Apple user Eric Moret, the threat became all too real. As he detailed in a Medium blog post, Moret suddenly received a text message containing a two-factor authentication (2FA) code despite not trying to log in to any of his accounts. One minute later, he got an automated call from Apple reading aloud another 2FA code. Someone was clearly attempting to access his account.
Shortly after, Moret received a call from an Atlanta number. The caller claimed to be from Apple Support, stated that Moret’s account was under attack, and said another representative would call him back. Ten minutes later the promised call arrived, kicking off a “25-minute scam” in which the fake agent walked Moret through the process of resetting his iCloud password.
Here’s the clever part: the scammer created a legitimate Apple Support ticket for Moret and, while they were on the phone, asked him to confirm that the email came from an official Apple address. The caller sounded calm and professional enough to convince Moret that everything was entirely legitimate.
Moret was asked to reset his iCloud password, and the scammer never asked for it directly. But the next step was the trap: he was told he would receive an SMS “with a link to close the support case”.
The text message arrived, linking to the fraudulent website appeal-apple.com. The page claimed that his account security process was underway and instructed him to enter a code to finalize it. At that moment, Moret received a six-digit verification code via SMS and entered it into the site.
That was the trick. Instead of “closing the case”, the code he entered was actually a real 2FA login code granting the scammers access to his Apple account. Seconds later, he received an email that, in his words, “made my blood run cold”: a notification that his account had just signed in on a Mac mini, a device he didn’t own. The attackers now had access to his “entire digital life” files, photos, emails, and more.
Trying to keep him calm, the fake Apple agent insisted this was “expected as part of the security process”. But Moret didn’t buy it. Thinking fast, he reset his iCloud password a second time. Immediately, the mysterious Mac mini disappeared from his account, and the phishing website began redirecting to Google. He had narrowly escaped disaster.
This attack worked because the scammers remained composed, avoided pressure tactics, and most importantly leveraged a flaw in Apple’s systems: anyone can create an Apple Support ticket for anyone else, with no verification required. That allowed the attackers to generate an authentic-looking email from Apple Support sent directly to Moret’s inbox, adding legitimacy to the scam.
Fortunately, there are ways to defend yourself against threats like this:
- Hang up immediately if you receive an unexpected call claiming to be from Apple. Then call Apple directly to verify if there’s an actual issue.
- Never share 2FA codes not over the phone, not by text, not with anyone claiming to be from Apple.
- Always verify website domains; attackers often insert “Apple” into fake URLs to trick victims.
For maximum protection, consider using a hardware security key, which requires physical confirmation and cannot be bypassed by phishers.
