Threat actors are exploiting Apple's account change notification system to deliver phishing emails that appear to originate from legitimate Apple infrastructure. By inserting scam text into Apple ID first and last name fields, attackers embed fake iPhone purchase alerts (claiming $899 via PayPal) into real Apple security emails that pass SPF, DKIM, and DMARC checks. The emails urge recipients to call a fraudulent support number, where scammers attempt to steal financial information or install remote access software. BleepingComputer confirmed the technique is replicable and Apple has not yet patched the abuse vector.
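Because these messages pass SPF, DKIM, and DMARC, a filter has to look at the content of the notification rather than its origin. The following is an added detection sketch, not code from the article or from Apple: it flags a notification whose greeting (where the account holder's name is rendered) contains a phone number, a currency amount, or payment wording. The sample message, the `vendor.example` domain, the phone number, and the "Dear <name>," greeting layout are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: passes authentication, but the greeting carries
# attacker-supplied "name" text. Domain, number and layout are made up.
SAMPLE = """\
From: Account Security <noreply@vendor.example>
To: user@recipient.example
Subject: Your account information was updated
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=vendor.example; dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example
Content-Type: text/plain; charset=utf-8

Dear iPhone purchase of $899 via PayPal approved. To cancel call +1 (800) 555-0199,

Your account information was recently changed.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY_RE = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")
LURE_RE = re.compile(r"\b(call|paypal|purchase|order|refund|cancel|charged?)\b", re.I)
GREETING_RE = re.compile(r"^\s*(?:dear|hello|hi)\s+(.*?)[,\s]*$", re.I | re.M)

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts (only trust headers added by your own MTA)."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(header):
            results[mech.lower()] = verdict.lower()
    return results

def greeting_findings(body):
    """Return labels for content that should never appear in a person's name."""
    m = GREETING_RE.search(body)
    name = m.group(1) if m else ""
    checks = [("phone_number_in_name", PHONE_RE),
              ("currency_amount_in_name", MONEY_RE),
              ("payment_or_callback_wording_in_name", LURE_RE)]
    return [label for label, rx in checks if rx.search(name)]

def triage(raw):
    msg = message_from_string(raw)
    auth = auth_results(msg)
    findings = greeting_findings(msg.get_payload())
    return {"authenticated": all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc")),
            "findings": findings, "suspicious": bool(findings)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same three patterns can be applied server-side as input validation on name fields before they are rendered into outbound notifications.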
