I just received a text message as an [Apple Security Alert] stating,
we have noticed that your Apple id was used at “APPLE STORE” for $143.95, paid by Apple Pay Pre Authorization.
This appears to be a phishing scam?
[Edited by Moderator]
iPhone 13, iOS 17
phishing That's not an Apple telephone number.
Fraudsters are getting very good at imitating Apple messages and sometimes the only indication in an email is very subtle. Have a look at this thread. https://discussions.apple.com/thread/255639814 It can be very hard to tell from an email alone if it is authentic. The best way to check is to use an independent way through Apple's own resources to confirm what the communication claims. Scams (e-mail, text messages, and phone calls) are getting very good at closely imitating true Apple communications. Always be cautious. These support articles have some guidelines:
About identifying legitimate emails from the App Store and iTunes Store --> Identify legitimate emails from the App Store or iTunes Store - Apple Support
Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Apple Support
Avoid scams when you use Apple Cash --> Avoid scams when you use Apple Cash - Apple Support
About Gift Card Scams --> About Gift Card Scams - Official Apple Support
If you are uncertain about a message and a resource provided in that message, do not click on any links in the message. Try to use an Apple resource you know is valid to independently verify what the message is claiming. Go to a support article page on apple.com and use the instructions in the article to verify though Apple itself, or use an Apple device feature such as Settings or an Apple app. To ask Apple start at this web page: Official Apple Support
- Apple e-mails address you by your real name, not something like "Dear Customer", "Dear Client", or an e-mail address* However, having your actual name is not proof this isn’t phishing. Compromised databases may have your name and address in them.
- Apple e-mails originate from @apple.com or @itunes.com but it is possible to spoof a sender address. "Apple email related to your Apple ID account always comes from appleid@id.apple.com." - About your Apple ID email addresses - Apple Support
- Set your email to display Show Headers or Show Original to view Received From. Apple emails originate from IP addresses starting with "17.".
- Mouse-over links to see if they direct to real Apple web sites. Do not click on them as this just tells the spammer they have a working e-mail address in their database. If you are unsure, contact Apple using a link from the Apple.com web site, not one in an email.
- Phishing emails may include account suspension or similar threats in order to panic you into clicking on a link without thinking. They may report a fake purchase in order to infuriate you into rashly clicking on a false link to report a problem. March 2018 post by Niel There was a fraudulent order on my apple … - Apple Community - "Emails saying that your Apple ID has been locked or disabled are always phishing. If one actually gets disabled, its owner will be told when they try logging into it instead of through email."
- Apple will not ask for personal information in an e-mail and never for a social security number.
- Scams may have bad grammar or spelling mistakes.
- Apple will not phone you unless it is in response to a request from you to have them call you.
* Exception: I got email saying my ID is expired! Does… - Apple Community
Forward email attempts as an attachment (in MacOS Mail use the paperclip icon) to: reportphishing@apple.com then delete it.
If this is with regard to a supposed purchase, this Apple article has relevant information and web links for checking if you really have made a purchase or paid for a subscription: If you see ‘itunes.com/bill‘ or an unfamiliar charge on your bank, credit card, or debit statement - Purchases made under Family Sharing might be charged to the organizer's card but will not appear under the organizer's purchase history or subscriptions. Ask family members about those or check your receipts. --> If you see 'apple.com/bill' on your billing statement - Apple Support Apple will email a receipt to the Family Organizer if a purchase is made on a card held by the Family Organizer. This will have the Apple ID of the purchaser, which you should recognize, but won't have specific about what was purchased.
I received from a rossjohn2**@yahoo
Unknown Apple Pay Request
We’ve temporarily suspended certain actions on your Apple ID due to suspicious behavior linked to your account (Case ID: 6749182****). A transaction for $498.29 was initiated at Apple Store – Orlando, FL using Apple Pay. Our system also intercepted multiple failed sign-in attempts and efforts to activate Apple Pay from devices not previously associated with your account. To safeguard your information, these actions have been blocked while we investigate.
If you authorized this activity, no further steps are needed — the payment will be processed within 24 hours. If this is unfamiliar, please contact Apple Support at (844) 376-**** to prevent unauthorized access.
Support Resources:
Apple Support: 1-844-376-****
Billing Assistance: reportaproblem.apple
Your swift attention helps keep your personal data secure.
Stay safe,
Apple Security Team
I’ve never received anything like this before is this fraudulent?
[Edited by Moderator]
Phishing text received:
Wednesday, June 25, 2025
+13***910:APPLE PAY: Auto debit approved USD 479.70 after taxes for apple i-tunes subscription Apple auto pay, if not you contact +18***176 2:57 PM
[Edited by Moderator]
the1stdm wrote:
There is nothing personal in the original post. Those numbers are from the scammer not mine.
Hello~ Look at it this way …reposting the scammers information perpetuates the scam. You do not want to be part of that now do you…certainly not.
~Katana-San~
the1stdm wrote:
There is nothing personal in the original post. Those numbers are from the scammer not mine.
It’s also possible that the number does not still belong to the scammer. Same for email addresses. These things change. Sometimes quickly. Sometimes over years.
And yes, search engines will scrape postings and particularly active threads (which is how folks keep arriving at this thread) and will absolutely offer up that data in their AI slop summaries, whether the posting is serious or sarcastic or spam or simply wrong. And yes, some people will either find the number here, or will find it in the AI slop, and will call it.
MrHoffman wrote:
And yes, some people will either find the number here, or will find it in the AI slop, and will call it.
For years, the phone companies told people to only use (555) area code numbers in songs and other fictional works. Why? (555) is reserved for the phone companies themselves, and there are few numbers in it. Call up with nonsense or abuse, and you are "only" harassing the phone company, not its customers. If you even ring a phone at all.
One rock band ignored this advice and included a regular seven-digit number (no area code) in a song about a fictional woman named "Jenny" whose name and number was "on the wall". If you've ever heard this song, the number is virtually impossible to forget. The band "helpfully" repeated the number over and over, ad nauseam.
The result was a flood of obscene phone calls to real people who had that number, in one area code or another. Obscene phone calls placed by idiots who did not know or care about the difference between fiction and reality.
Servant of Cats wrote:
MrHoffman wrote:
And yes, some people will either find the number here, or will find it in the AI slop, and will call it.
For years, the phone companies told people to only use (555) area code numbers in songs and other fictional works. Why? (555) is reserved for the phone companies themselves, and there are few numbers in it.
That’s evolved over the years, too. Only 555-0100 through 555-0199 are now specifically reserved for fictional use; the other numbers have been reserved for actual assignment. (Details)
Similarly, there are reserved domain names (example.com, example.org, example.net), reserved IP address ranges
192.0.2.0/24 Test-Net-1, 198.51.100.0/24 Test-Net-2, 203.0.113.0/24 Test-Net-3), and other similar reservations for other things-that-should-not-actually-be-working usage.
Oceans47 wrote:
this world is in a mess.
And always has been. Look up Teapot Dome if you never studied it. Or the Panama scam (The Darien Scheme) that bankrupted Scotland in 1690. Or the original Ponzi Scheme of 1869, named for its creator, Charles Ponzi. Or the modern day repeat by Bernard Madoff. The phishing scams discussed in this thread are small potatoes. Go research the current “Pig butchering” scams that can cost victims from thousands to hundreds of thousands of dollars.
IdrisSeabright wrote:
It's even harder with these digital criminals because they are frequently in other countries.
If I remember correctly, an old AT&T advertising slogan was "Reach out and touch someone." It appears that the criminals were listening – but not in a good way.
Servant of Cats wrote:
IdrisSeabright wrote:
It's even harder with these digital criminals because they are frequently in other countries.
If I remember correctly, an old AT&T advertising slogan was "Reach out and touch someone." It appears that the criminals were listening – but not in a good way.
Indeed!
I read an article recently about someone who tried to find the source of the EZ Pass scam messages. He found over 100,000 sites that were running the scams.
https://www.cbsnews.com/philadelphia/news/unpaid-toll-scam-text-message-dmv-penndot-ezpass/
Servant of Cats wrote:
If I remember correctly, an old AT&T advertising slogan was "Reach out and touch someone." It appears that the criminals were listening – but not in a good way.
when I consulted with AT&T years ago we called the AT&T logo The Death Star.
Lawrence Finch wrote:
Servant of Cats wrote:
If I remember correctly, an old AT&T advertising slogan was "Reach out and touch someone." It appears that the criminals were listening – but not in a good way.
when I consulted with AT&T years ago we called the AT&T logo The Death Star.
Actually, the DETHSTAR, because that was when file names could not exceed 8 characters😀
Hello~ Can I ask you to explain something please? Why would you be “glad” here… “Very glad to see others have received the same so i know it is a scam”. That’s a very disappointing statement to make.
~Katana-San~
I got the exact same message. Freaked me out b/c I actually did make a purchase in the Apple Store yesterday.
I suspect that was just coincidental, but it doesn't hurt to be cautious.
Same here, got this today, 10/10/2024
[Edited by Moderator]
Identifying Phishing Scams in text messages
