Fraudsters exploit Apple support system to create convincing fake alerts

A new phishing scam is getting a lot of attention because it uses real Apple support tickets to trick people into abandoning their accounts. Broadcom’s Eric Moret has explained how he nearly lost his entire Apple account after trusting what looked like official communication. He described the entire experience in a detailed article on Medium, where he described the scam step by step.

This scheme is notable because the scammers relied on Apple’s own support system to make their messages appear legitimate. They created a polished and professional experience, from the first alert to the last phone call. Here’s how the scam unfolded.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

The #1 Google Search Scam Everyone’s Falling for

How the scam begins

Moret first receives a flood of alerts. These included two-factor authentication notifications claiming that someone was trying to access their iCloud account. Within minutes, he received phone calls from calm, helpful callers who claimed to be Apple agents ready to resolve the problem.

The problem is how convincing the whole setup was. Scammers were able to exploit a flaw in Apple’s support system that allows anyone to create a genuine support ticket without verification. They opened a real Apple Support case on his behalf, which triggered official emails from an Apple domain. This established instant confidence and lowered Moret’s guard.

How the fraudsters gained access to the account

Over the course of a 25-minute call, the fake agents guided Moret in what they believed would secure his account. They walked him through the steps to reset his iCloud password. They also told him a bond would follow so he could close the case.

This link took him to a fake site called Appeal Apple Dot Com. The page looked official and claimed that his account was secure. It then asked her to enter a six-digit code sent via text message to complete the process.

When Moret entered this code, the scammers got exactly what they needed to log into his account.

He then received an alert that his Apple ID had been used to sign in to a Mac mini he didn’t own. This confirmed the takeover attempt. Even though the scammer on the phone told him it was normal, he trusted his instincts. He reset his password again, which kicked them out and stopped the attack.

BEWARE OF FALSE CREDIT CARD ACCOUNT RESTRICTION SCAMS

A Broadcom executive claims he almost lost access to his Apple ID after trusting a fraudulent support call that appeared legitimate. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

How to Protect Yourself from Apple Support Ticket Scam

This type of scam works because it looks real. The messages appear official and the callers appear trained. Still, you can stay safer by watching for signs that something is wrong.

1) Check support tickets in your Apple account

The scammers created a real-looking ticket to make the entire experience seem legitimate. You can confirm what’s real by checking with Apple directly. Log in to appleid.apple.com or open the Apple Support app to view your recent cases. If the case number is not there, the message is false, even if the email comes from an Apple domain.

2) Hang up and call Apple yourself

Never stay on a call you did not initiate. Scammers rely on long conversations to build trust and pressure you into making quick decisions. Hang up immediately and call Apple Support directly at 1-800-275-2273 or through the Support app. A real agent will quickly confirm if anything is wrong.

3) Check the list of your Apple ID devices

If something is wrong, look at the devices connected to your account. Go to Settingspress your name and scroll to see all devices linked to your Apple ID. Delete anything you don’t recognize. This step can quickly stop attackers if they have gained entry.

4) Never share verification codes

No real support agent will ever ask you for your two-factor authentication codes. Treat any request for these codes as a major warning.

5) Check each link carefully

Look carefully at the URLs. Fake sites often add extra words or change formatting to appear real. Apple will never send you to a site like Appeal Apple Dot Com.

Scammers are abusing iCloud Calendar to send phishing emails

Criminals use Apple’s support system to generate emails about real cases that build false confidence in victims. (Photo by Fairfax Media via Getty Images via Getty Images)

6) Use powerful antivirus software

Powerful antivirus software can detect dangerous links, unsafe sites, and fake support messages before you use them. Anti-phishing tools are especially important in scams like this because the attackers used a fake site and real ticket emails to trick victims.

The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com

7) Use a data deletion service

Data brokers collect your phone number, home address, email address and other details that fraudsters use to personalize their attacks. A data removal service can erase much of this information from broker sites, making you a harder target for social engineering attempts like the one described in this article.

Although no service can guarantee the complete removal of your data from the Internet, a data deletion service is definitely a wise choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information across hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com

Get a free analysis to find out if your personal information is already available on the web: Cyberguy.com

8) Enable Strong Multi-Layer Protection

Keep two-factor authentication (2FA) enabled for each primary account. This creates a barrier that quickly stops attackers.

9) Slow down before reacting

Scammers want to make you panic. Pause before taking action. Trust your instincts when something seems rushed or strange. A short delay could save your entire account.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s Key Takeaways

This scam shows how convincing criminals can be when exploiting real systems. Even cautious users can fall for messages that look official and calls that sound professional. The best defense is to stay alert and take a moment before reacting to something unexpected. When you slow down, double-check support tickets, and never share verification codes, you make yourself much harder to deceive. Adding layers like antivirus protection and data deletion services also gives you more control over what attackers can access. These simple habits can stop even the most sophisticated scams before they reach your accounts.

What would you do if you received a support call that seemed real but didn’t feel right? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com. All rights reserved.