Title image above is copyright © Optimate Group Pty Ltd

First published 29th December 2025

This scam is global. Even if you don’t have Apple devices or an Apple account, please do take the 12 or so minutes to watch this video below, as this subterfuge could apply to ANY account that uses two-factor or multi-factor authentication (2FA or MFA) to verify a user and an account. Bank accounts are an obvious one here.

2FA/MFA creates a false sense of security which these gutter-dwellers prey on. This scam deceives even the most suspicious and alert by timing scam calls with genuine support texts and emails from Apple.

 

There are two big take-home messages here. One is summed up best of all by this comment:

"@TitanWasp 8 days ago No company will offer help before help is needed! They dont [sic] care about you that much!"

In other words, Apple/Microsoft/your bank/others will NEVER ring you out of the blue. Should they apparently do so, hang up, look up their support number and ring them back to check anything of concern.

The other is: always, always, doublecheck each and every URL in each and every text and email. Yes this can be hard to do when under the stress and pressure of believing your account has been compromised, but that just makes it all the more important to recognise that emotional state and act as best as you can to minimise risk.

And please also know that no subdomain has a hyphen before the domain. Here it was appeal-apple.com - that is a domain attempting to look like an Apple subdomain, by using a hyphen. A real subdomain of apple.com would use a full stop: appeal.apple.com