New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

The surge in mobile‑first phishing reflects a broader shift in cybercrime, where attackers abandon traditional malware in favor of psychological manipulation. By masquerading as Apple notifications, fraudsters tap into the ubiquity of iPhone devices and the growing reliance on Apple Pay for everyday transactions. This approach reduces technical barriers for criminals while amplifying impact, as victims are coaxed into immediate financial actions rather than navigating complex hacking steps. Analysts note that the pandemic‑driven increase in digital payments has inadvertently expanded the attack surface for such scams.

Apple’s response centers on education and clear boundaries: the company will never request a user’s password, two‑factor authentication code, or ask to disable protective features like Stolen Device Protection. The warning outlines concrete red flags—unexpected messages about Apple Pay activity, pressure to act, and requests for personal credentials. By directing users to verify any alerts through the official Apple app or website, the guidance aims to break the urgency loop that scammers rely on. Apple also provides dedicated reporting channels, encouraging screenshots of texts or FaceTime calls to be forwarded to specific email addresses, thereby creating a data pipeline for threat intelligence.

For businesses and consumers alike, the lesson is twofold. First, maintain a skeptical stance toward unsolicited communications, especially those invoking financial urgency. Second, reinforce multi‑factor authentication and educate employees on recognizing social‑engineering cues. As Apple continues to harden its ecosystem—through WebKit security upgrades and tighter verification processes—the onus remains on end‑users to act as the final line of defense. Proactive reporting and adherence to Apple’s guidelines can curb the financial fallout and preserve trust in the broader mobile‑payment landscape.