Scammers are weaponizing Apple’s own notifications in a dangerous new phishing attack — don’t fall for this


Getting a notification about an unknown purchase can certainly be startling. That is, until you realize it’s a fake just by checking the sender’s email address. However, a new phishing scam might make you think twice about that recent purchase you definitely didn’t make.

As reported by BleepingComputer, Apple users are being targeted by a new phishing attack currently making the rounds online. Just like with previous campaigns, this one claims that unsuspecting users bought a new iPhone. What makes this scam appear slightly more legitimate, though, is that the email comes from Apple itself — or at least it appears to at first — through the company's Apple account change notifications.

Here’s everything you need to know about this new phishing attack, including how to spot it and how to avoid it, along with some tips and tricks to help keep you safe from all manner of online scams.


Impersonating Apple to bypass security checks


BleepingComputer first learned of these fake iPhone purchase phishing emails last week when a reader reached out about them. They received the email in question informing them about “the following changes to your Apple Account.”

In the email, the reader was told that they purchased an iPhone for $899 and paid via PayPal. However, next to all this info at the top of the message, there’s a phone number to call if they want to ‘cancel’ the purchase.

Instead of canceling the fake purchase, calling that number puts potential victims in direct contact with the scammers behind this campaign. On the phone, the scammers may try to convince Apple users that their accounts have been compromised. They may also instruct victims to install remote access software (walking them through the process) or to hand over financial information. As BleepingComputer points out, in previous callback phishing campaigns, remote access was used to drain bank accounts, deploy malware or steal data.

When it comes to phishing lures, fraudulent purchases are one of the oldest ones in the book. However, what makes this particular scam easier to fall for and much more interesting is how the hackers behind it managed to impersonate Apple so well.

After analyzing the email, BleepingComputer found that it was sent from Apple’s own infrastructure using the email address appleid@id.apple.com. It also managed to pass several authentication checks, and in a victim’s inbox, this email would appear as a legitimate one from Apple.

This was done by entering key details of the phishing message into the first and last name fields when creating a real Apple account. From there, the scammer modifies the account’s shipping information, which leads Apple to send out a security alert notifying the account holder of the change. Since the iPhone maker inserts the user-supplied first and last name fields into these alerts, the scammers behind this campaign are able to get their phishing messages embedded in official emails that come directly from Apple.

You might be wondering how the scammer got the Apple account change email to show up in the victim’s inbox. Well, they technically didn’t. Instead, they changed the shipping information in their own account, received the email and then forwarded it to the victim. That way, the message appears to come from appleid@id.apple.com even though it was not sent to the victim by Apple. This is also visible in the message headers, which show that the original recipient differs from the final delivery address.
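As an added illustration (not part of the article or of BleepingComputer’s analysis), the following Python script applies the header check described above to a constructed message: it compares the original recipients in the `To:` and `Cc:` headers with the `Delivered-To:` header that the receiving mail server adds, and it flags a phone number in the body of what claims to be an automated Apple account notification. The sample message, its addresses and its phone number are all made up.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample (not a real message): an authentic-looking Apple
# account-change notification whose name fields carry the lure, forwarded
# on to a victim. The addresses and the phone number are made up.
SAMPLE_MESSAGE = """\
Delivered-To: victim@example.net
From: Apple <appleid@id.apple.com>
To: scammer-mailbox@example.org
Subject: Your Apple Account information was updated
Content-Type: text/plain; charset=utf-8

Dear iPhone purchase $899 paid via PayPal - to cancel call +1 (555) 010-0000,

The following changes to your Apple Account were made: shipping address updated.
"""

# Automated notification senders that never ask the recipient to phone anyone.
NO_CALLBACK_SENDERS = {"appleid@id.apple.com"}
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")


def analyze(raw: str) -> dict:
    """Flag signs that a vendor notification was relayed to someone other than
    its original recipient and that it carries a callback phone number."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()

    # Recipients as the vendor addressed them vs. the mailbox the receiving
    # server actually delivered to. A forwarded lure shows a mismatch here.
    original = {addr.lower() for _, addr in
                getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    delivered = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    mismatch = bool(delivered) and delivered not in original

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    phones = [p.strip() for p in PHONE_RE.findall(text)]

    return {
        "sender": sender,
        "recipient_mismatch": mismatch,
        # A genuine automated alert contains no number to call back.
        "callback_lure": sender in NO_CALLBACK_SENDERS and bool(phones),
        "phones": phones,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Real mail servers add `Delivered-To:` (or an equivalent) on final delivery, so on a message you received the comparison runs against your own address; the same check applied to a notification the vendor really sent to you reports no mismatch.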

How to stay safe from phishing scams


When dealing with a phishing attack like this one, the first and most important thing you should do is to slow down, take a breath and try to keep a level head. Scammers want you worried and anxious so that you do things you normally wouldn’t, like call back the number on a random email that showed up in your inbox.

Whenever you get an unexpected account alert message in your inbox claiming that you purchased something you didn’t, you should always proceed with caution. While accidental purchases do happen, it’s more likely you’re dealing with a scam email.

To get some much-needed peace of mind, I recommend checking your bank account or the account in question first. If you don’t see any recent purchases that match what the email claims, then you can safely ignore it.

In order to protect yourself further, I recommend using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer. Both can help protect you from any malware or other viruses that may be included in phishing emails. If you do fall for one of these scams, getting your stolen money back is nearly impossible. However, if you had signed up for one of the best identity theft protection services beforehand, you can use their fraud protection to recover any lost funds.

Apple continues to be one of the most popular companies in the world, and as such, scammers are going to keep trying to impersonate it in their attacks. That’s why it’s up to you to be extra careful when checking your inbox. If you proceed with caution and avoid clicking on links or calling back any numbers found in these messages, you should be safe.




Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
