Scammers Use Real Apple Account Emails to Run Phone-First Phishing Cons
By passing as genuine Apple alerts, the emails slip past filters to push targets into phone scams.
Overview
- Security reporters detail a campaign that makes fake iPhone purchase notices look real by sending or redistributing Apple account warnings that appear to come from appleid@id.apple.com or email.apple.com and pass standard authentication checks.
- Attackers create an Apple ID they control, put phishing text in the first and last name fields, then change shipping details to trigger a legitimate “Your Apple account was updated” email that includes their planted message.
- In many cases the scammers first receive the alert themselves and then forward or mass‑mail it to victims, so the message shows a real Apple sender in headers even though the original recipient differs from the final delivery address.
- Victims who call the listed “cancellation” number are pressured to install remote‑access software or share financial credentials, giving criminals control of a PC and a path to drain accounts or take over logins.
- Malwarebytes reports that BleepingComputer reproduced the technique and flags telltales such as “Dear User” followed by a scam block where a name should be, a subject about account changes rather than a purchase, and an unrelated iCloud address, with guidance to ignore the number and verify activity by logging in directly.
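
Because these messages pass authentication, filtering has to look at the telltales listed above instead. The following is an added example, not code from Malwarebytes, BleepingComputer or Apple: a Python check over one constructed message. The indicator labels, the phone-number pattern, the purchase keywords and all sample addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Sender values named in the article; these pass SPF/DKIM/DMARC, so they only scope the check.
APPLE_SENDERS = {"appleid@id.apple.com"}
APPLE_DOMAINS = {"email.apple.com"}
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # assumed pattern for a call-back number

# Constructed sample, not a captured message; addresses and number are placeholders.
SAMPLE = """\
From: Apple <appleid@id.apple.com>
To: placeholder-account@icloud.com
Subject: Your Apple account was updated
Content-Type: text/plain; charset=utf-8

Dear User 899 USD iPhone purchase approved. To cancel call +1 (800) 555-0100,

The shipping information for your Apple account was updated.
"""

def telltales(raw, delivered_to):
    """Return the article's telltales found in one message delivered to `delivered_to`."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in APPLE_SENDERS and sender.rpartition("@")[2] not in APPLE_DOMAINS:
        return []  # not an Apple account alert; out of scope here
    found = []
    rcpts = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if delivered_to.lower() not in rcpts:
        found.append("recipient-mismatch")  # alert was forwarded or mass-mailed
        if any(addr.endswith("@icloud.com") for addr in rcpts):
            found.append("unrelated-icloud-address")
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_type() == "text/plain")
    greeting = re.search(r"Dear User\b(.*)", body)  # text sitting where the name belongs
    if greeting and PHONE.search(greeting.group(1)):
        found.append("phone-number-in-name-field")
    subject = msg.get("Subject", "").lower()
    if "account" in subject and re.search(r"purchase|order|charged", body, re.I):
        found.append("account-subject-but-purchase-body")
    return found

if __name__ == "__main__":
    print(telltales(SAMPLE, "victim@example.com"))
```

A genuine account-change alert delivered to the address in its own To header, with a real name in the greeting, returns an empty list.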