Apple users are the target of a sophisticated new phishing campaign that aims to steal payment information and Apple ID credentials This article explores apple voice phishing. . The attack deceives victims into providing two-factor authentication (2FA) codes by using phony call centers and convincing emails.

The False Invoice The attack starts with an extremely realistic-looking email. It imitates a real transaction receipt with its accurate Apple logo, neat layout, and expert formatting. The subject line, which states that Apple has halted a high-value charge on your Apple Pay account, is meant to incite panic. MalwareBytes is the source of this phishing attack.

To appear official, these emails frequently include a timestamp and a specific "Case ID."

Some versions even assert that the user has a scheduled "appointment" to examine fraudulent activity. The email gives the victim a phone number and advises them to contact "Apple Billing & Fraud Prevention" right away in order to fix the problem. When a victim dials the number, they are speaking with a scammer impersonating a support agent rather than Apple.

Voice phishing, or "vishing," is the term for this tactic. To establish credibility, the agent uses a script and sounds professional. They clarify that the transaction was "partially blocked" when a criminal attempted to use the victim's Apple Pay at a physical location. Innocent questions like confirming the user's name and the Apple devices they own are asked at the beginning of the call.

The victim becomes less vigilant as a result.

Getting Around Security The Apple ID verification code is the most risky aspect of the scam. The fraudster initiates an attempt to log into the victim's actual account. The scammer requests that the victim read aloud a legitimate text message from Apple that contains a code, stating that this is necessary to "confirm identity."

That code is actually being used by the scammer to get past two-factor authentication and take control of the account. In order to "secure" the payment methods after logging in, they might request credit card information, thereby stealing financial information. Malwarebytes security researchers have discovered multiple iterations of this scam. A fictitious invoice for a $279.99 Apple Gift Card is one example.

Another example urges the user to call a specific number, like 1-805-476-8382, while displaying a realistic receipt for a 2025 MacBook Air M4 valued at $1,157.07. Users should be aware that Apple never asks you to call a phone number that appears in an unsolicited message, nor does it use email to set up fraudulent appointments. Most importantly, you will never be asked to provide your password or 2FA verification code over the phone by Apple support representatives.

Change your Apple ID password right away, log out of all active devices in your settings, and get in touch with your bank to dispute any unauthorized charges if you think you may have fallen for this scam.