Key Takeaways
- A new phishing scam uses genuine Apple Support tickets to trick victims.
- Scammers exploit a system flaw to create real support cases, triggering official-looking emails.
- Protect yourself by verifying tickets directly, never sharing codes, and calling Apple back on official numbers.
A sophisticated new phishing attack is exploiting Apple’s own support system, using legitimate-looking support tickets to trick users into surrendering their accounts. Broadcom executive Eric Moret nearly lost his entire Apple ID after falling for the convincing scam, which he detailed in a Medium post.
How the Apple Support Ticket Scam Works
The scheme stands out because scammers abuse a flaw in Apple’s Support system, allowing them to generate real support cases without verification. This triggers official emails from Apple domains, instantly building trust with the target.
The Initial Attack
Moret first received a flood of two-factor authentication alerts claiming someone was accessing his iCloud. Minutes later, calm, professional-sounding callers claiming to be Apple Support agents phoned him, ready to “fix” the issue.
Gaining Account Access
During a 25-minute call, the fake agents guided Moret to reset his iCloud password. They then sent a link to a fake site (appeal apple dot com) that looked official. The site prompted him to enter a six-digit verification code sent via text.
When Moret entered the code, the scammers gained what they needed to sign into his account. He soon received an alert that his Apple ID was used to sign into an unknown Mac mini. Trusting his instinct, he immediately reset his password again, kicking the attackers out.
How to Protect Yourself from the Apple Support Scam
This scam works because it feels authentic. Here are critical steps to stay safe.
1. Verify Support Tickets Directly
Always check support cases directly. Sign in at appleid.apple.com or use the Apple Support app. If a case number isn’t listed there, the message is fake—even if the email comes from an Apple domain.
2. Hang Up and Call Apple Back
Never stay on an unsolicited support call. Hang up immediately and call Apple Support directly at 1-800-275-2273 or via the official Support app. A genuine agent can verify whether there is a real issue.
3. Never Share Verification Codes
Legitimate Apple Support will never ask for your two-factor authentication codes. Any such request is a definitive red flag.
4. Inspect Links Carefully
Scammers use deceptive URLs like “appeal apple dot com.” Always examine links closely for extra words or odd formatting.
5. Review Your Apple ID Device List
Regularly check the devices signed into your account (Settings > Your Name). Remove any unrecognised devices immediately.
6. Enable Multi-Layer Security
Keep two-factor authentication (2FA) enabled for all major accounts. This adds a crucial barrier against takeover attempts.
7. Pause Before Reacting
Scammers rely on urgency and panic. If something feels rushed or strange, slow down. A moment’s pause can prevent account loss.
8. Consider Additional Security Tools
- Antivirus Software: Use strong antivirus with anti-phishing tools to detect dangerous links and fake messages.
- Data Removal Services: These services can help scrub your personal information from data broker sites, making you a harder target for personalised social engineering attacks.
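The link inspection in step 4 can be automated. The sketch below is an added example, not code from Apple or from the original article: it accepts a link only when its hostname is an allowlisted domain or a subdomain of one, matched on a dot boundary. The allowlist, the function name and every sample URL are assumptions constructed for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumption: domains treated as Apple-owned for this sketch; extend as needed.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")


def check_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link found in an email or text message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # Text before '@' is login info, not the site: apple.com@other.example
        return False, "userinfo before '@' hides the real host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label (possible look-alike characters)"
    for domain in TRUSTED_DOMAINS:
        # Exact match, or a subdomain separated by a dot. A plain
        # endswith("apple.com") would also accept "example-apple.com".
        if host == domain or host.endswith("." + domain):
            return True, f"host is under {domain}"
    return False, f"host {host!r} is not under a trusted domain"


# Constructed sample links (not taken from the incident).
SAMPLES = [
    "https://appleid.apple.com/",
    "https://appeal-apple.example/verify",
    "https://apple.com.account-review.example/",
    "https://apple.com@login.example/",
    "https://example-apple.com/",
    "http://appleid.apple.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(f"{'OK    ' if trusted else 'REJECT'} {link}  ({reason})")
```

A passing result only means the link points at an allowlisted domain; as step 1 notes, a message can come from a genuine Apple domain and still be part of a scam.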
Final Thoughts
This incident highlights how criminals are weaponising legitimate systems to create highly convincing scams. The best defence combines vigilance with practical habits: verify directly, never share codes, and trust your instincts when something feels off. These steps can protect you from even the most polished phishing attempts.





