Technology
Apple app password scam email warning
NEWYou can now listen to Fox News articles!
You open your inbox and see a subject line from Apple. It says an app-specific password was generated for your account. Then your stomach drops.
The email claims you authorized a $2,990.02 PayPal payment. It even includes a confirmation number. It urges you to call a support number right away. There is just one problem. You never did any of this.
If that sounds familiar, you are likely looking at a classic Apple impersonation scam.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Scammers are using Apple branding and urgent language to trick victims into calling a fake support number. (Kevin Carter/Getty Images)
What the fake Apple email says
The message claims:
- An app-specific password was generated
- A large PayPal payment was approved
- You should call the listed phone number to report an unauthorized transaction
At first glance, it looks polished. It uses Apple branding. It mentions Apple Support. It includes a confirmation code. However, once you slow down and read it carefully, the red flags jump out.
Red flags in the Apple app-specific password scam email
Before you panic or pick up the phone, take a closer look at these warning signs that expose this Apple app-specific password scam email.
1) The ‘To’ address is not you
The “To” field shows an email address that is not the recipient’s actual address. That is a huge warning sign. Legitimate Apple security emails are sent directly to the Apple ID email on file. If the visible recipient address is different from yours, the message was likely mass-mailed or spoofed. Scammers blast these emails to thousands of addresses at once. They do not customize the recipient line properly. That mismatch alone is enough to treat the message as fraudulent.
2) The sudden $2,990 charge
Scammers love big numbers. A charge close to $3,000 is designed to trigger panic. When people feel fear, they act fast. That is exactly what the criminals want.
3) The ‘call this number now’ trick
The email pushes you to call a specific phone number. That number does not belong to Apple. Real Apple security emails tell you to visit your account directly. They do not pressure you to call a random support line.
If you call, the scammer may:
- Ask for your Apple ID password
- Request remote access to your computer
- Tell you to move money to “secure” your account
That is how the real damage begins.
4) Bold links that push you to click
The email includes bold links such as Apple Account and Apple Support. They are designed to look official and trustworthy. However, scammers often hide malicious URLs behind legitimate-looking text. When you hover over the link, the actual destination may be a completely different website. That is why you should never click links inside a suspicious email. Instead, open a new browser window and type the official website address yourself.
5) Mixed messages about passwords and payments
The subject mentions an app-specific password. The body suddenly talks about a PayPal transaction. That mismatch is a major warning sign. Scammers often combine multiple fears into one message to increase urgency.
6) Generic greeting
The email opens with “Dear Customer.” Apple typically addresses you by your name. Generic greetings are common in bulk phishing emails.
SPYWARE CAN HIGHJACK YOUR PHONE IN SECONDS
A fake Apple email claiming a $2,990 PayPal charge is targeting inboxes in a new impersonation scam. (Qilai Shen/Bloomberg via Getty Images)
More subtle signs this is a scam
There are several additional details that help confirm this is not real.
The reply-to address may look legitimate at first glance
In this case, the Reply-To field shows appleid-usen@email.apple.com, which appears to be an official Apple domain. However, a familiar-looking domain does not automatically prove an email is legitimate. Scammers can spoof visible sender information. They can manipulate display names and certain header fields so a message appears to come from a trusted company. Most people never see the deeper technical authentication details, such as SPF, DKIM or DMARC validation. That means a legitimate-looking sender address can still appear in a fraudulent message. When evaluating a suspicious Apple app-specific password email, weigh all the red flags together, not just the reply-to address.
If the email also includes:
- A mismatched “To” field
- A large unexpected payment
- An urgent phone number
- Mixed messaging about passwords and PayPal
Those warning signs matter far more than a familiar-looking domain.
The payment language feels forced
The email says: “You authorized a USD 2,990.02 payment to apple.com using PayPal.” That wording feels stiff and unnatural. Apple receipts usually reference specific products, subscriptions or invoice details. They do not vaguely reference a large PayPal payment tied to a password notification. The mismatch between a password alert and a major payment should raise suspicion immediately.
The masked email formatting looks odd
The message shows a masked address with dots and an unusual domain, such as relay.quickinvoicesus.com. That is not standard Apple formatting. Apple typically references your Apple ID directly, not an unrelated invoice-style domain. That strange domain inclusion is another strong indicator that this email is fraudulent.
The pressure to act fast
The message urges you to call immediately to report an unauthorized transaction. High urgency is a hallmark of phishing. Legitimate companies encourage you to log in securely to your account. They do not rush you into calling a third-party phone number. When you feel rushed, pause. Scammers rely on speed and emotion.
What this scam is really trying to do
This is a refund scam disguised as a security alert.
The goal is simple. Get you to call the fake support number. Once you are on the phone, the scammer may:
- Ask for your Apple ID password
- Request remote access to your computer
- Guide you through fake refund steps
- Steal banking or PayPal information
In many cases, victims lose far more than the fake $2,990 charge mentioned in the email.
How to check your Apple account safely
If you receive this type of message, pause. Then take control. Instead of clicking links in the email:
- Open a new browser window
- Type appleid.apple.com directly into the address bar
- Log in and review your account activity
If you did not generate an app-specific password and you see no suspicious charges, you are safe. You can also check your PayPal account directly by typing paypal.com into your browser. Never rely on links or phone numbers inside a suspicious email.
Apple app-specific password scam email checklist
Use this simple checklist the next time you get a scary email:
- The “To” field does not match your email
- The greeting says Dear Customer
- There is a large unexpected charge
- You are told to call a number immediately
- The topic feels mismatched, such as password plus payment
If several of these appear together, you are almost certainly dealing with a scam.
Why Apple and PayPal impersonation scams keep working
Apple has billions of users. PayPal has hundreds of millions more. Both brands are trusted, widely used and connected to sensitive financial information. When criminals attach Apple’s name to a message, people pay attention. When they add PayPal and a large dollar amount, the fear intensifies. That combination is powerful. It blends account security concerns with financial panic. Many people react before they pause to verify the details. That split second of fear is exactly where scammers make their money.
“PayPal does not tolerate fraudulent activity, and we work hard to protect our customers from evolving phishing scams,” a PayPal spokesperson told CyberGuy. “We always encourage consumers to practice vigilance online and to learn how to spot the warning signs of common fraud. We recommend reviewing our best practice tips for avoiding phishing schemes on the PayPal Newsroom, and contacting Customer Support directly through the PayPal app or our Contact page for assistance if you believe you have been targeted by a scam.”
CyberGuy also reached out to Apple for comment.
TAX SEASON SCAMS 2026: FAKE IRS MESSAGES STEALING IDENTITIES
The fraudulent message combines an app-specific password alert with a PayPal charge to create panic. (Christian Charisius/picture alliance via Getty Images)
How to protect yourself from Apple phishing emails
You can reduce your risk from an Apple app-specific password scam email with a few smart habits. These steps protect more than just your Apple account. They protect your entire digital life.
1) Use two-factor authentication
Enable two-factor authentication (2FA) on your Apple ID, PayPal and email accounts. Even if someone guesses your password, they still cannot log in without the second verification step. That extra layer blocks most account takeover attempts.
2) Never click links or call numbers in suspicious emails
If an email tells you to call support or click a link, stop. Instead, open a new browser window and type the official website address yourself. Go directly to appleid.apple.com or paypal.com. Also, make sure you have strong antivirus software installed on your devices. Strong antivirus tools can detect malicious links, block phishing sites and warn you before you land on a fake login page. That protection matters because one click on the wrong link can expose login credentials or install hidden malware. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Watch for urgency and fear tactics
Scammers push urgency. They use large dollar amounts and phrases like unauthorized transaction to rush you. Pause when you feel panic. Review the details carefully. Legitimate companies do not pressure you into instant action.
4) Keep your devices updated
Install software updates on your phone and computer as soon as they become available. Security patches fix vulnerabilities that attackers exploit. Outdated software makes phishing and malware attacks easier to pull off.
5) Use a password manager and strong, unique passwords
Do not reuse passwords across accounts. If one site gets breached, reused passwords put everything else at risk. A password manager generates long, complex passwords and stores them securely. That way, even if scammers trick you into entering one password somewhere, it will not unlock your other accounts.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
6) Reduce your exposed personal information
Scammers often find your email address and personal details through data broker sites. Using a reputable data removal service can reduce how much of your personal information is publicly available online. When less of your data floats around the internet, criminals have fewer tools to target you with convincing phishing emails. Less exposure means fewer personalized scams landing in your inbox. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
7) Report the phishing email
Forward suspicious Apple impersonation emails to reportphishing@apple.com. You can also mark the message as phishing in your email provider. Reporting scams helps improve filters and protect other people from falling victim.
8) Monitor your financial accounts
Even if you did not click anything or call the number, review your bank, PayPal and Apple accounts for unusual activity over the next few days. Early detection limits damage. The faster you spot fraud, the easier it is to reverse.
9) Consider freezing your credit if information was exposed
If you entered personal information or downloaded anything suspicious, consider placing a free credit freeze with Equifax, Experian and TransUnion. A credit freeze prevents criminals from opening new accounts in your name. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.”
Kurt’s key takeaways
If you received an Apple app-specific password email with a $2,990 charge you did not authorize, trust your instincts. It is almost certainly a scam. Do not call the number. Do not click the links. Go directly to your official account pages and check for yourself. A few calm minutes can save you thousands of dollars and hours of stress.
When phishing scams use trusted brands like Apple so easily, is the tech industry truly staying ahead of cybercriminals? Let us know your thoughts by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
Technology
Michael and Susan Dell surpass $1 billion in donations backing AI-driven hospital project
NEWYou can now listen to Fox News articles!
Billionaire Michael Dell and his wife, Susan Dell, have become the first donors to give more than $1 billion to the University of Texas at Austin, funding a massive new medical research campus and hospital system powered by artificial intelligence.
The couple’s latest investment includes a $750 million gift to help build the UT Dell Medical Center, a planned “AI-native” hospital expected to open in 2030 as part of a more than 300-acre advanced research campus.
University officials said the project will integrate research, clinical care and advanced computing to improve early disease detection, personalize treatment and expand access to care in the rapidly growing Austin region.
The Dells’ support builds on decades of contributions to UT, including funding for its medical school, scholarships and research programs.
EXCLUSIVE: REPUBLICANS IN KEY RED STATE LAUNCH CAMPAIGN TO ELECT ‘TRUE’ CONSERVATIVES AHEAD OF TRUMP RETURN
Michael Dell and Susan Dell attend the Breakthrough Prize ceremony as they become the first to donate more than $1 billion to the University of Texas at Austin. ( Craig T Fruchtman/WireImage)
“By bringing together medicine, science and computing in one campus designed for the AI era, UT can create more opportunity, deliver better outcomes, and build a stronger future for communities across Texas and beyond,” Michael Dell and Susan Dell said.
The gift ranks among the largest in the history of higher education, alongside major contributions like Phil Knight’s $2 billion pledge to Oregon Health & Science University and Michael Bloomberg’s $1.8 billion donation to Johns Hopkins University.
The new UT Dell Medical Center will be developed in collaboration with MD Anderson Cancer Center, integrating cancer care into a system designed to connect prevention, diagnosis and treatment.
AI IS RUNNING THE CLASSROOM AT THIS TEXAS SCHOOL, AND STUDENTS SAY ‘IT’S AWESOME’
The University of Texas at Austin campus at sunset. (iStock)
“We will deliver better outcomes for patients by providing research-driven cancer care that is precise, compassionate and hope-filled,” Peter WT Pisters, president of UT MD Anderson, said.
Officials said the facility will be built from the ground up to incorporate AI, rather than retrofitting older infrastructure — an approach they say could transform how hospitals operate.
Independent experts have cautioned that AI in health care can introduce risks if not carefully validated. A widely cited study published in the journal Science by researchers at the University of California, Berkeley and the University of Chicago found that a commonly used healthcare algorithm underestimated the needs of Black patients due to biased training data, highlighting broader concerns about equity in AI-driven systems.
The project also includes funding for undergraduate scholarships, student housing and the Texas Advanced Computing Center, where officials are developing one of the nation’s most powerful academic supercomputers.
TURNING POINT USA BACKS TRUMP ACCOUNTS PROGRAM WITH ‘DOLLAR-FOR-DOLLAR MATCH’ FOR ELIGIBLE EMPLOYEE NEWBORNS
Artificial intelligence technology is expected to play a key role in diagnosis and patient care at the planned UT Dell Medical Center. (iStock)
Texas Gov. Greg Abbott said the investment will help position the state as a national leader in healthcare innovation.
“Texas already dominates in technology, energy and business, and now we will further cement our leadership in health care innovation as well,” Abbott said.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
The university said it plans to break ground on the medical center later this year and has launched a broader campaign to raise $10 billion over the next decade.
The Associated Press contributed to this report.
SpaceX and Cursor are now working closely together to create the world’s best coding and knowledge work AI.
The combination of Cursor’s leading product and distribution to expert software engineers with SpaceX’s million H100 equivalent Colossus training supercomputer will allow us to build the world’s most useful models.
Cursor has also given SpaceX the right to acquire Cursor later this year for $60 billion or pay $10 billion for our work together.
NEWYou can now listen to Fox News articles!
If you’ve ever clicked “Check for updates” and trusted what you saw, you’re not alone. That’s exactly what this latest scam is counting on.
The page mimics official branding, includes a believable knowledge base number and presents a big blue download button that feels familiar.
The catch? The download installs malware designed to steal passwords, payment details and account access.
According to researchers at Malwarebytes Labs, a cybersecurity research and threat intelligence team inside Malwarebytes, the site uses a typosquatted domain that looks close enough to a real Microsoft URL to fool a quick glance. That small trick is often all it takes.
APPLE APP PASSWORD SCAM EMAIL WARNING
Cybersecurity researchers warn a fake Microsoft update site uses a look-alike URL and a familiar download button to deliver data-stealing malware. (Michael Nagle/Bloomberg via Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Why this fake Windows update malware slips past detection
At first glance, nothing seems off. The file looks like a standard Windows installer. It even lists “Microsoft” in its properties. That’s where this attack gets clever. Instead of using obvious malicious code, the attackers built the installer with legitimate tools and layered the attack in stages. Each piece looks harmless on its own.
Here’s what’s happening behind the scenes:
- The installer launches what appears to be a normal app
- That app quietly runs hidden scripts
- A disguised process loads a full Python environment
- Data theft tools activate in the background
Because each step looks routine, many security tools fail to flag it right away. Researchers also noted that antivirus engines initially showed zero detections for key parts of the attack. That does not mean the file is safe. It means the malicious behavior is well hidden.
What this fake Windows update malware is stealing
Once installed, the malware gets to work fast. It collects details about the infected device, including location and IP address. Then it reaches out to remote servers to receive instructions and upload stolen data.
The targets include:
- Saved browser passwords
- Login sessions and cookies
- Payment details
- Discord account tokens
It even tries to shut down other processes on your system to avoid interference while it works. In some cases, it modifies apps like Discord to intercept account activity in real time.
How the fake Windows update malware stays on your system
This malware is designed to stick around. It creates entries that look like normal system processes, so they blend in. One registry entry mimics Windows Security Health, which most users would ignore. It also drops a shortcut in your startup folder with a familiar name like Spotify. That makes it easy to overlook. Two different persistence tricks mean it can survive a reboot and keep running.
FAKE WINDOWS UPDATE PUSHES MALWARE IN NEW CLICKFIX ATTACK
A fake Windows update page is tricking users into downloading malware that steals passwords, payment details and account access. (Beata Zawrzel/NurPhoto)
Why this fake Windows update scam feels so real
There’s a bigger trend behind this. Researchers say campaigns like this often target regions where large data breaches have already exposed personal information. When attackers already know your name, provider or habits, they can build scams that feel tailored to you. That makes a fake Windows update page far more believable than a generic phishing email.
It also highlights something important. Today’s malware often hides inside legitimate tools and trusted frameworks. That makes it harder to detect and easier to trust. This campaign shows how far scammers have come. They are no longer relying on sloppy emails or obvious fake links. Instead, they are building layered attacks that look and behave like trusted software.
Even experienced users can get caught off guard when everything appears normal. The biggest takeaway is simple. A clean scan result or a familiar interface does not guarantee safety.
Microsoft says it’s aware of the threat
Microsoft confirmed it is tracking this type of activity and urges users to be cautious when downloading updates from unfamiliar sources.
“We are aware of reports of fraudulent websites impersonating Microsoft, and we actively work to detect and disrupt malicious activity across the internet,” A Microsoft spokesperson told CyberGuy. “We encourage customers to be cautious of unexpected prompts or downloads and to verify that they are interacting with legitimate Microsoft domains. As a best practice, we recommend users verify the legitimacy of a link by going directly to our website from your own saved favorite, from a web search, or by typing the domain name yourself.”
For more guidance on how to protect against online phishing scams, you can refer to Microsoft’s official support page at support.microsoft.com.
MICROSOFT CROSSES PRIVACY LINE FEW EXPECTED
A convincing Windows update scam is spreading malware that can grab saved passwords, cookies, payment data and Discord tokens. (Todor Tsvetkov/Getty Images)
Ways to stay safe from fake Windows update malware
You don’t need to be a security expert to avoid this. A few habits make a big difference.
1) Only update Windows from your settings
Go to Settings > Windows Update and check for updates there. Avoid downloading updates from websites.
2) Double-check the URL
Real Microsoft pages use microsoft.com. Anything else, even if it looks close, should raise a red flag.
3) Be cautious with urgent update prompts
If a site or message pressures you to install an update, stop and verify it manually.
4) Use strong antivirus software with behavior detection
Traditional antivirus software, which often comes built into your device or as basic security software, mainly looks for known threats using signature matching, which means it can miss new or well-hidden attacks like this one. Strong antivirus software uses behavior detection to monitor what programs are doing in real time, helping flag suspicious activity even if the malware hasn’t been seen before. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
5) Use a data removal service to limit your exposure
If your personal information is already circulating online from past breaches, it can make scams like this more convincing. A data removal service helps reduce how much of your information is publicly available, making it harder for attackers to target you with tailored phishing attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
6) Turn on two-factor authentication
Two-factor authentication (2FA) adds a second layer of protection if your passwords are stolen.
7) Avoid downloading installer files from unknown sites
Legitimate updates rarely require manual downloads.
Kurt’s key takeaways
Fake updates are one of the most effective tricks because they tap into something we all trust. Keeping your system secure should not put you at risk, yet that’s exactly what attackers are exploiting here. The safest move is to slow down, verify where updates come from and stick to built-in tools whenever possible.
Are tech companies doing enough to keep fake updates from putting your data at risk? Let us know your thoughts in the comments below. Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
-
World4 minutes agoIran reportedly fires on three ships in Strait of Hormuz
-
Politics10 minutes agoWATCH: Sen Warren unloads on Trump’s Fed nominee Kevin Warsh in explosive hearing showdown
-
Health16 minutes agoGrieving mom hospitalized with rare ‘broken heart syndrome’ after veteran son’s suicide
-
Sports22 minutes agoAustin Reaves nearing return for Lakers as Luka Doncic remains out indefinitely with hamstring strain: report
-
Technology28 minutes agoMichael and Susan Dell surpass $1 billion in donations backing AI-driven hospital project
-
Business34 minutes agoContributor: ICE raids and migrant pay cuts are devastating California economies
-
Entertainment40 minutes agoReview: Monica Lewinsky, a saint? This devastatingly smart romance goes there
-
Lifestyle46 minutes agoWhat are Angelenos giving away in one Buy Nothing group? All this treasured stuff