{"id":598,"date":"2026-03-09T15:11:29","date_gmt":"2026-03-09T15:11:29","guid":{"rendered":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/2026\/03\/09\/matt-gone-almost-phishin\/"},"modified":"2026-03-09T15:11:29","modified_gmt":"2026-03-09T15:11:29","slug":"matt-gone-almost-phishin","status":"publish","type":"post","link":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/2026\/03\/09\/matt-gone-almost-phishin\/","title":{"rendered":"Matt: Gone (Almost) Phishin\u2019"},"content":{"rendered":"<p class=\"wp-block-paragraph\">This is a little embarrassing to share, but I\u2019d rather someone else be able to spot a dangerous scam before they fall for it. So, here goes.<\/p>\n<p class=\"wp-block-paragraph\">One evening last month, my Apple Watch, iPhone, and Mac all lit up with a message prompting me to reset my password. This came out of nowhere; I hadn\u2019t done anything to elicit it. I even had <a href=\"https:\/\/support.apple.com\/en-us\/105120\">Lockdown Mode<\/a> running on all my devices. It didn\u2019t matter. Someone was spamming Apple\u2019s legitimate password reset flow against my account\u2014a technique <a href=\"https:\/\/krebsonsecurity.com\/2024\/03\/recent-mfa-bombing-attacks-targeting-apple-users\/\">Krebs documented back in 2024<\/a>. I dismissed the prompts, but the stage was set.<\/p>\n<p class=\"wp-block-paragraph\">What made the attack impressive was the next move: The scammers actually contacted Apple Support themselves, pretending to be me, and opened a real case claiming I\u2019d lost my phone and needed to update my number. That generated a real case ID, and triggered real Apple emails to my inbox, <em>properly signed<\/em>, from Apple\u2019s actual servers. 
These were legitimate; no filter on earth could have caught them.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" class=\"wp-image-151420\" height=\"587\" src=\"https:\/\/i0.wp.com\/ma.tt\/files\/2026\/03\/CleanShot-2026-02-07-at-19.36.31%402x-1-1024x996.png?resize=604%2C587&amp;quality=80&amp;ssl=1\" width=\"604\" \/><\/figure>\n<p class=\"wp-block-paragraph\">Then \u201cAlexander from Apple Support\u201d called. He was calm, knowledgeable, and <em>careful<\/em>. His first moves were solid security advice: check your account, verify nothing\u2019s changed, consider updating your password. He was so good that I actually thanked him for being excellent at his job.<\/p>\n<p class=\"wp-block-paragraph\">That, of course, was when he moved into the next phase of the attack.<\/p>\n<p class=\"wp-block-paragraph\">He texted me a link to review and cancel the \u201cpending request.\u201d The site, audit-apple.com, was a pixel-perfect Apple replica, and displayed the exact case ID from the real emails I\u2019d just received. There was even a fake chat transcript of the scammers\u2019 actual conversation with Apple, presented back to me as evidence of the attack against my account. 
At the bottom of the page was a Sign in with Apple button that he told me to use.<\/p>\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" class=\"wp-image-151411\" height=\"395\" src=\"https:\/\/i0.wp.com\/ma.tt\/files\/2026\/03\/CleanShot-2026-02-07-at-18.14.37%402x-1024x670.png?resize=604%2C395&amp;quality=80&amp;ssl=1\" width=\"604\" \/><\/figure>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" class=\"wp-image-151412\" height=\"418\" src=\"https:\/\/i0.wp.com\/ma.tt\/files\/2026\/03\/CleanShot-2026-02-07-at-18.08.36%402x-1024x708.png?resize=604%2C418&amp;quality=80&amp;ssl=1\" width=\"604\" \/><\/figure>\n<\/figure>\n<p class=\"wp-block-paragraph\">I started poking at the page and noticed I could enter any case ID and get the same result. Nothing was being validated. It was all theater.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis is really good,\u201d I told Alexander. \u201cThis is obviously phishing. So tell me about the scam.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Silence. *Click*.<\/p>\n<p class=\"wp-block-paragraph\">Once I\u2019d suspected what was happening, I\u2019d started recording the call, so I was able to save a good chunk of it, which Jamie Marsland used to make a video about the encounter. You can hear for yourself exactly how convincing \u201cAlexander\u201d was.<\/p>\n<p class=\"wp-block-paragraph\">So let my almost-disaster help you avoid your own. Remember these rules.<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Don\u2019t approve any password-reset prompts<\/strong>\u2014those are the first part of the attack. Do not pass Go, just head directly to your Apple ID settings. 
<\/li>\n<li><strong>Apple will <em>never<\/em> call you first.<\/strong> <\/li>\n<li>When you get an email from Apple\u2014or, really, anyone telling you to complete a digital security measure\u2014<strong>check the URL<\/strong> they\u2019re trying to send you to. Apple Support lives on apple.com and getsupport.apple.com, nowhere else.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">After all, the best protection is knowing what this looks like before it happens.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a little embarrassing to share, but I\u2019d rather someone else be able to spot a dangerous scam before they fall for it. So, here goes. One evening last month, my Apple Watch, iPhone, and Mac all lit up with a message prompting me to reset my password. 
This came out of nowhere; I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":599,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/posts\/598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=598"}],"version-history":[{"count":0,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/posts\/598\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/media\/599"}],"wp:attachment":[{"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/media?parent=598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xn--mnchen-3ya.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}