{“lastseen”:”2026-02-06T16:05:09″,”description”:”It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target\u2019s stomach drop.\\n\\nThe message claimed Apple has stopped a high\u2011value Apple Pay charge at an Apple Store, complete with a case ID, timestamp, and a warning that the account could be at risk if the target doesn\u2019t respond.\u200b\\n\\nIn some cases, there was even an \\”appointment\\” booked on their behalf to \\”review fraudulent activity,\\” plus a phone number they should call immediately if the time didn\u2019t work.\u200b Nothing in the email screams amateur. The display name appears to be Apple, the formatting closely matches real receipts, and the language hits all the right anxiety buttons.\\n\\nThis is how most users are lured in by a recent Apple Pay phishing campaign.\\n\\n## The call that feels like real support\\n\\nThe email warns recipients not to Apple Pay until they’ve spoken to \u201cApple Billing \\u0026 Fraud Prevention,\u201d and it provides a phone number to call.\u200b\\n\\n\\n\\nAfter dialing the number, an agent introduces himself as part of Apple\u2019s fraud department and asks for details such as Apple ID verification codes or payment information.\\n\\nThe conversation is carefully scripted to establish trust. The agent explains that criminals attempted to use Apple Pay in a physical Apple Store and that the system \u201cpartially blocked\u201d the transaction. To \u201cfully secure\u201d the account, he says, some details need to be verified.\\n\\nThe call starts with harmless\u2011sounding checks: your name, the last four digits of your phone number, what Apple devices you own, and so on.\\n\\nNext comes a request to confirm the Apple ID email address. While the victim is looking it up, a real-looking Apple ID verification code arrives by text message.\\n\\nThe agent asks for this code, claiming it\u2019s needed to confirm they\u2019re speaking to the rightful account owner. In reality, the scammer is logging into the account in real time and using the code to bypass two-factor authentication.\\n\\nOnce the account is \u201cconfirmed,\u201d the agent walks the victim through checking their bank and Apple Pay cards. They ask questions about bank accounts and suggest \u201ctemporarily securing\u201d payment methods so criminals can\u2019t exploit them while the \u201cApple team\u201d investigates.\\n\\nThe entire support process is designed to steal login codes and payment data. At scale, campaigns like this work because Apple\u2019s brand carries enormous trust, Apple Pay involves real money, and users have been trained to treat fraud alerts as urgent and to cooperate with \u201csupport\u201d when they\u2019re scared.\\n\\nOne example submitted to Malwarebytes Scam Guard showed an email claiming an Apple Gift Card purchase for $279.99 and urging the recipient to call a support number (1-812-955-6285).\\n\\nAnother user submitted a screenshot showing a fake \\”Invoice Receipt – Paid\\” styled to look like an Apple Store receipt for a 2025 MacBook Air 13-inch laptop with M4 chip priced at $1,157.07 and a phone number (1-805-476-8382) to call about this \\”unauthorized transaction.\\”\\n\\n## What you should know\\n\\nApple doesn’t set up fraud appointments through email. The company also doesn’t ask users to fix billing problems by calling numbers in unsolicited messages.\\n\\nClosely inspect the sender\u2019s address. In these cases, the email doesn’t come from an official Apple domain, even if the display name makes it seem legitimate.\\n\\nNever share two-factor authentication (2FA) codes, SMS codes, or passwords with anyone, even if they claim to be from Apple.\\n\\nIgnore unsolicited messages urging you to take immediate action. Always think and verify before you engage. Talk to someone you trust if you\u2019re not sure.\\n\\nMalwarebytes Scam Guard helped several users identify this type of scam. For those without a subscription, you can use Scam Guard in ChatGPT.\\n\\nIf you’ve already engaged with these Apple Pay scammers, it is important to:\\n\\n * Change the Apple ID password immediately from Settings or appleid.apple.com, not from any link provided by email or SMS.\\n * Check active sessions, sign out of all devices, then sign back in only on devices you recognize and control.\\n * Rotate your Apple ID password again if you see any new login alerts, and confirm 2FA is still enabled. If not, turn it on.\\n * In Wallet, check every card for unfamiliar Apple Pay transactions and recent in-store or online charges. Monitor bank and credit card statements closely for the next few weeks and dispute any unknown transactions immediately.\\n * Check if the primary email account tied to your Apple ID is yours, since control of that email can be used to take over accounts.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2026-02-06T14:43:55″,”modified”:”2026-02-06T14:43:55″,”type”:”malwarebytes”,”title”:”Apple Pay phish uses fake support calls to steal payment details”,”source”:””,”references”:””,”id”:”MALWAREBYTES:3E762B4B51CD337599E0D10B39D50C8B”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/02\/apple-pay-phish-uses-fake-support-calls-to-steal-payment-details”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-06T16:05:09″,”description”:”It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target\u2019s stomach drop.\\n\\nThe…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-39409","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n