Apple Pay can be very secure, but scammers aren't after the "system": they're after you, your attention, and your decisions. ESET has been warning that the most common Apple Pay scams usually target money, financial information, or access to your Apple ID (including 2FA codes), exploiting social engineering rather than technical flaws.

Most common Apple Pay scams in 2026: phishing, fake receipts, and impersonation

The most common method is phishing: text messages, emails, or calls impersonating Apple, your bank, or "support," with the excuse that you need to verify something "right now." The bait might be a refund, a prize, an account "suspension," or even a warning that your card will be blocked if you don't confirm your information.

The most dangerous version is when the attacker captures your data in real time: you think you're "validating" the card, but the scammer is trying to add that card to their own Wallet and needs you to give them the one-time code sent by your bank. In other words, phishing doesn't just steal passwords; It can also end in a practical takeover of your payment method if you unwittingly cooperate.

In parallel, there's the fake receipt scam, which is gold for scammers in the buy-and-sell market: they agree to buy something from you and send you a screenshot where they supposedly already paid you via Apple Pay. Sometimes they embellish it with the story that the money is "pending" or "in escrow" until you ship the product and share the tracking number; the catch is that Apple Pay doesn't work as an escrow service, so that story is usually pure theater to get you to hand over the item.

Marketplace Frauds Using Apple Pay

ESET describes several typical scams that appear when you're selling something (especially expensive items) on buy-and-sell platforms.

In the "Marketplace" scam, the fake buyer uses stolen cards linked to Apple Pay to pay you for a product, you ship it, and later, the real cardholder doesn't recognize the purchase and disputes the charge. Result: the payment “disappears” and you have already delivered the item.Another method is overpayment: the scammer "pays," but sends you more money than you should, and then asks you to return the difference (often pushing you to use Apple Cash or another app). The catch is that the original payment usually comes from a stolen card, so you end up losing the product and the money you returned. The even more disconcerting variant is unsolicited payment: you receive a payment "out of the blue," and then they contact you to ask you to return it via another method (Apple Cash, gift cards, or another way). Again, the scheme leverages funds of fraudulent origin and the fact that the "refund" you make is real and comes out of your own pocket.

Public Wi-Fi and Apple Pay: The "Evil Twin" Trap to Steal Your Apple ID and Empty Your Banks

Although it may sound less common than phishing, ESET also mentions the risk of manipulated public Wi-Fi networks, known as "evil twins": a fake network that mimics the legitimate one in places like coffee shops or airports.

The goal is not to "break" Apple Pay, but to intercept or redirect your browsing to take you to a fake portal (for example, a screen that looks like Apple's) and thus steal your Apple ID and password. With these credentials, the attacker can try to access your account, change data, or exploit access linked to payments, turning a simple "free" connection into the start of a serious problem.