The new scam method that hackers are using to impersonate Apple employees is one of the most sophisticated and worrying threats to those who enjoy the brand's ecosystem.

This technique mixes classic social engineering with legitimate resources that only Apple should use, causing many victims to lower their guard and end up granting access to their iCloud account and all their linked devices.

The new Apple user scam: how hackers operate

The scam begins with an unexpected text message that intends to be a legitimate Apple alert, warning the user about an attempted login to their account and displaying a two-factor authentication (2FA) code. Usually, receiving these notifications means that someone is trying to access the account from an unknown device, so the victim gets scared and believes there is a real threat.

The dangerous part is that, minutes later, the person receives an automated call from a toll-free number, supposedly from Apple's "official system." With a professional voice and without haste, the scammer announces the security code that has just arrived and asks the user to share it to "verify" that they are the legitimate account holder. The attack is designed to create an atmosphere of urgency and a degree of panic, making the user perceive a real attempt at unauthorized access and, amidst this concern, want to cooperate to prevent their account from being stolen. What's truly sophisticated about this new scam is that attackers can create real tickets in Apple's support system using the victim's email address. This generates authentic emails—from official Apple domains—that reach the user and enhance the perceived legitimacy of the entire operation. Upon receiving "genuine" messages in their inbox and a call that supports the process with apparently reliable information, many lower their guard and fall into the trap.

Why is this new scam so dangerous?

The hackers' objective goes far beyond obtaining a single password or temporary access. If they manage to obtain the authentication code or master key,they can take complete control of the user's Apple account, including iCloud, email, photos, contacts, documents, and, of course, all physical devices linked to it. This allows not only digital identity theft, but also extortion, the hijacking of personal information, and the sale of data on illegal markets.

The most alarming thing is that the vulnerability lies in Apple's own support system: anyone can open a ticket using another user's email address and send legitimate messages without prior verification.

Thus, the user receives authentic communications from the company's official servers, making it nearly impossible to distinguish the scam from a legitimate situation. In addition, phishing websites use deceptive but convincing domains, such as “appeal-apple.com”, and display SSL certificates and security padlocks to appear secure to those who don't thoroughly verify the address. This combination of tactics makes the atmosphere created by the criminals especially believable and difficult to detect. Recommendations to Avoid Falling for Fraud: Given the sophistication of these scams, the main recommendations are based on common sense and digital caution. Never share two-factor authentication codes or “confirmation codes” over the phone or via links sent by third parties, no matter how legitimate the communication seems. No real Apple employee, or employee of any other company, will request this information from the user as part of a standard support process. Whenever you receive an unexpected call—no matter how professional it sounds—the wisest course of action is to hang up and contact Apple directly using the official numbers on the company's website. If you receive a communication requesting sensitive data, be suspicious and verify its authenticity before proceeding. Finally, never forget to carefully check the domain of any page you visit to troubleshoot technical problems: it must be exclusively apple.com, without any variations or additions. The presence of a padlock icon, the HTTPS protocol, or SSL certificates does not guarantee the legitimacy of the site. Phishing campaigns are constantly evolving, and in this case, the attack is especially dangerous because it relies on authentic resources and legitimate communication methods, causing many users to lower their guard and become victims. The key to staying safe is to be suspicious.Validate directly with Apple and never, under any circumstances, share your authentication codes or private keys.Anyone can open a ticket using another user's email address and send legitimate messages without prior verification.

Thus, the user receives authentic communications from the company's official servers, making it nearly impossible to distinguish the scam from a legitimate situation. In addition, phishing websites use deceptive but convincing domains, such as “appeal-apple.com”, and display SSL certificates and security padlocks to appear secure to those who don't thoroughly verify the address. This combination of tactics makes the atmosphere created by the criminals especially believable and difficult to detect. Recommendations to Avoid Falling for Fraud: Given the sophistication of these scams, the main recommendations are based on common sense and digital caution. Never share two-factor authentication codes or “confirmation codes” over the phone or via links sent by third parties, no matter how legitimate the communication seems. No real Apple employee, or employee of any other company, will request this information from the user as part of a standard support process. Whenever you receive an unexpected call—no matter how professional it sounds—the wisest course of action is to hang up and contact Apple directly using the official numbers on the company's website. If you receive a communication requesting sensitive data, be suspicious and verify its authenticity before proceeding. Finally, never forget to carefully check the domain of any page you visit to troubleshoot technical problems: it must be exclusively apple.com, without any variations or additions. The presence of a padlock icon, the HTTPS protocol, or SSL certificates does not guarantee the legitimacy of the site. Phishing campaigns are constantly evolving, and in this case, the attack is especially dangerous because it relies on authentic resources and legitimate communication methods, causing many users to lower their guard and become victims. The key to staying safe is to be suspicious.Validate directly with Apple and never, under any circumstances, share your authentication codes or private keys.Anyone can open a ticket using another user's email address and send legitimate messages without prior verification.

Thus, the user receives authentic communications from the company's official servers, making it nearly impossible to distinguish the scam from a legitimate situation. In addition, phishing websites use deceptive but convincing domains, such as “appeal-apple.com”, and display SSL certificates and security padlocks to appear secure to those who don't thoroughly verify the address. This combination of tactics makes the atmosphere created by the criminals especially believable and difficult to detect. Recommendations to Avoid Falling for Fraud: Given the sophistication of these scams, the main recommendations are based on common sense and digital caution. Never share two-factor authentication codes or “confirmation codes” over the phone or via links sent by third parties, no matter how legitimate the communication seems. No real Apple employee, or employee of any other company, will request this information from the user as part of a standard support process. Whenever you receive an unexpected call—no matter how professional it sounds—the wisest course of action is to hang up and contact Apple directly using the official numbers on the company's website. If you receive a communication requesting sensitive data, be suspicious and verify its authenticity before proceeding. Finally, never forget to carefully check the domain of any page you visit to troubleshoot technical problems: it must be exclusively apple.com, without any variations or additions. The presence of a padlock icon, the HTTPS protocol, or SSL certificates does not guarantee the legitimacy of the site. Phishing campaigns are constantly evolving, and in this case, the attack is especially dangerous because it relies on authentic resources and legitimate communication methods, causing many users to lower their guard and become victims. The key to staying safe is to be suspicious.Validate directly with Apple and never, under any circumstances, share your authentication codes or private keys.no matter how legitimate the communication seems. No real Apple employee, or employee of any other company, will request this information from the user as part of a standard support process. Whenever you receive an unexpected call—no matter how professional it sounds—the wisest course of action is to hang up and contact Apple directly using the official numbers on the company's website. If you receive a communication requesting sensitive data, be suspicious and verify its authenticity before proceeding. Finally, never forget to carefully check the domain of any page you visit to troubleshoot technical problems: it must be exclusively apple.com, without any variations or additions. The presence of a padlock icon, the HTTPS protocol, or SSL certificates does not guarantee the legitimacy of the site. Phishing campaigns are constantly evolving, and in this case, the attack is especially dangerous because it relies on authentic resources and legitimate communication methods, causing many users to lower their guard and become victims. The key to staying safe is to be suspicious.Validate directly with Apple and never, under any circumstances, share your authentication codes or private keys.no matter how legitimate the communication seems. No real Apple employee, or employee of any other company, will request this information from the user as part of a standard support process. Whenever you receive an unexpected call—no matter how professional it sounds—the wisest course of action is to hang up and contact Apple directly using the official numbers on the company's website. If you receive a communication requesting sensitive data, be suspicious and verify its authenticity before proceeding. Finally, never forget to carefully check the domain of any page you visit to troubleshoot technical problems: it must be exclusively apple.com, without any variations or additions. The presence of a padlock icon, the HTTPS protocol, or SSL certificates does not guarantee the legitimacy of the site. Phishing campaigns are constantly evolving, and in this case, the attack is especially dangerous because it relies on authentic resources and legitimate communication methods, causing many users to lower their guard and become victims. The key to staying safe is to be suspicious.Validate directly with Apple and never, under any circumstances, share your authentication codes or private keys.