Cyber Daily Report

News

Home News

Real Apple notifications are being used to drive tech support scams

  • None--securityboulevard.com
  • published date: 2026-04-21 00:00:00 UTC

None

<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams">Real Apple notifications are being used to drive tech support scams</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers.</p><p>According to a report from <a href="https://www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/" rel="noreferrer noopener nofollow">BleepingComputer</a>, scammers create an Apple account and insert a phishing message into the personal information fields, then modify the account so that Apple sends a genuine security alert about the change to the target.</p><p>BleepingComputer was able to replicate the attack.</p><p>The attacker creates an Apple ID they control, then stuffs the phishing message into the personal information fields (first name, last name, possibly address), splitting it across fields because they will not fit into just one.</p><p>To launch the phish, the attacker changes something benign on their specially created Apple account, such as shipping information, which causes Apple’s systems to send a “Your Apple account was updated” security email.</p><p>While the original alert is addressed to the attacker’s iCloud email, they are then able to redistribute it to a wider victim list, for example through a mailing list.</p><p>In the copy the targets receive, the email headers still show a legitimate Apple sender, and the presence of the attacker’s iCloud address can even make it look like “someone else” has gained access to the account.</p><figure class="wp-block-image aligncenter size-full is-resized"><img decoding="async" loading="lazy" width="625" height="466" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/reconstruction.png" alt="Reconstruction. Image courtesy of BleepingComputer" class="wp-image-402329" style="aspect-ratio:1.341246688797237;width:625px;height:auto"></figure><p>Because Apple includes those user-supplied fields in the security email, the phishing text is delivered inside a legitimate message sent from Apple’s own infrastructure.</p><p>This method, called call-back phishing, filters out suspicious users, so the scammers can focus on the people who fell for the first part. </p><p>The emails come from a legitimate source, sail through every security filter because of that, and look convincing enough to scare the receiver into thinking someone spent $899 from their PayPal account.</p><figure class="wp-block-image aligncenter size-full"><img decoding="async" loading="lazy" width="614" height="661" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/email_screenshot_1fc86b.png" alt="Phishing email screenshot, courtesy of BleepingComputer " class="wp-image-402331"></figure><p>But the structure of the email does not make sense.</p><p>“Dear User” is immediately followed by the scam message where your name should have been. The header says it’s about account information rather than a purchase. And the iCloud account does not belong to the recipient. So, once you know how it’s done, they’re not impossible to spot. Which is why we wrote this blog.</p><p>And when in doubt, you can always ask Malwarebytes Scam Guard.</p><hr class="wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:15%"> <figure class="wp-block-image aligncenter size-large is-resized"><img decoding="async" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2024/11/phishing-scam-protection-icon-0B73D5.svg?w=1024" alt="" class="wp-image-120125" style="aspect-ratio:0.7764298093587522;width:59px;height:auto"></figure> </div> <div class="wp-block-column is-vertically-aligned-center is-layout-flow wp-container-core-column-is-layout-10073889 wp-block-column-is-layout-flow" style="padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30);flex-basis:60%"> <h3 class="wp-block-heading has-dark-blue-color has-text-color has-link-color wp-elements-206cb12516cf7911541848b4cf513a38" id="h-scam-nbsp-or-legit-scam-guard-knows">Scam or legit? Scam Guard knows.</h3> </div> <div class="wp-block-column is-vertically-aligned-center has-global-padding is-content-justification-right is-layout-constrained wp-container-core-column-is-layout-f1f2ed93 wp-block-column-is-layout-constrained" style="flex-basis:30%"> <div class="wp-block-malware-bytes-button mb-button" id="mb-button-a2b2e60f-b6c4-45fc-8aac-20ae3cf27e09"> <div class="mb-button__row u-justify-content-center"> <div class="mb-button__item mb-button-item-0"> <p class="btn-main"><a href="https://www.malwarebytes.com/solutions/scam-guard" data-type="link" data-id="https://www.malwarebytes.com/scamguard" rel="noreferrer noopener">TRY IT NOW</a></p> </div> </div> </div> </div> </div><hr class="wp-block-separator aligncenter has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><figure class="wp-block-image aligncenter size-full"><img decoding="async" loading="lazy" width="935" height="419" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/scam-detection.png" alt="Is this a scam?" class="wp-image-402332"><figcaption class="wp-element-caption">Asking Scam Guard</figcaption></figure><p>Scam Guard identified the screenshot as a scam and guides users through the next steps.</p><p>Scams like these work, because many users still view phone calls as more trustworthy than email, especially if the email itself passed all the usual technical authenticity checks and they initiated the call themselves.</p><h2 class="wp-block-heading" id="h-how-to-stay-safe">How to stay safe</h2><p><a href="https://www.malwarebytes.com/blog/news/2016/05/tech-support-scams" rel="noreferrer noopener">Tech support scammers</a> will try to convince callers to install some kind of remote desktop application to steal data from your computer, or ask for financial details so they can steal your money.</p><p>To stay safe from these scammers:</p><ul class="wp-block-list"> <li>Be wary of unexpected alerts about high‑value purchases you do not recognize. They are suspicious even if they come from a real domain.</li> <li>Never call a number sent to you by unsolicited means or even found in sponsored search results.</li> <li>Carefully read emails and text messages, even if they come form trustworthy addresses. Does the email make sense from a structural and linguistic point of view?</li> <li>If someone claiming to be support for a legitimate company asks for remote access or payment details during a call, hang up and contact the company through official channels.</li> <li>Use <a href="https://www.malwarebytes.com/blog/product/2026/02/scam-guard-for-desktop-a-second-set-of-eyes-for-suspicious-moments" rel="noreferrer noopener">Malwarebytes Scam Guard</a> to analyze any kind of message that alarms you or urges you to take immediate action.</li> </ul><hr class="wp-block-separator has-alpha-channel-opacity is-style-wide"><h3 class="wp-block-heading" id="h-something-feel-off-check-it-before-you-click-nbsp-nbsp"><strong>Something feel off? Check it before you click. </strong> </h3><p><strong>Malwarebytes Scam Guard</strong> helps you analyze suspicious links, texts, and screenshots instantly.  </p><p>Available with <a href="https://www.malwarebytes.com/premium" rel="noreferrer noopener">Malwarebytes Premium Security</a> for all your devices, and in the <a href="https://www.malwarebytes.com/mobile" rel="noreferrer noopener">Malwarebytes app for iOS and Android</a>.  </p><p><a href="https://www.malwarebytes.com/solutions/scam-guard" rel="noreferrer noopener">Try it free →</a> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams/" data-a2a-title="Real Apple notifications are being used to drive tech support scams"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams">https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams</a> </p>

Most Popular

Real Apple notifications are being used to drive tech support scams

  • None -- securityboulevard.com
  • Published date: 2026-04-21 00:00:00 UTC

What Makes Credential Stuffing Difficult to Detect?

  • None -- securityboulevard.com
  • Published date: 2026-04-21 00:00:00 UTC

Why API Discovery Is the First Step to Securing AI

  • None -- securityboulevard.com
  • Published date: 2026-04-21 00:00:00 UTC

DLP That Doesn’t Make You Choose: Introducing Menlo AI Adaptive DLP – Blog | Menlo Security

  • None -- securityboulevard.com
  • Published date: 2026-04-21 00:00:00 UTC

Mythos: An AI tool too powerful for public release

  • None -- securityboulevard.com
  • Published date: 2026-04-20 00:00:00 UTC