Technology
Apple app password scam email warning
NEWYou can now listen to Fox News articles!
You open your inbox and see a subject line from Apple. It says an app-specific password was generated for your account. Then your stomach drops.
The email claims you authorized a $2,990.02 PayPal payment. It even includes a confirmation number. It urges you to call a support number right away. There is just one problem. You never did any of this.
If that sounds familiar, you are likely looking at a classic Apple impersonation scam.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Scammers are using Apple branding and urgent language to trick victims into calling a fake support number. (Kevin Carter/Getty Images)
What the fake Apple email says
The message claims:
- An app-specific password was generated
- A large PayPal payment was approved
- You should call the listed phone number to report an unauthorized transaction
At first glance, it looks polished. It uses Apple branding. It mentions Apple Support. It includes a confirmation code. However, once you slow down and read it carefully, the red flags jump out.
Red flags in the Apple app-specific password scam email
Before you panic or pick up the phone, take a closer look at these warning signs that expose this Apple app-specific password scam email.
1) The ‘To’ address is not you
The “To” field shows an email address that is not the recipient’s actual address. That is a huge warning sign. Legitimate Apple security emails are sent directly to the Apple ID email on file. If the visible recipient address is different from yours, the message was likely mass-mailed or spoofed. Scammers blast these emails to thousands of addresses at once. They do not customize the recipient line properly. That mismatch alone is enough to treat the message as fraudulent.
2) The sudden $2,990 charge
Scammers love big numbers. A charge close to $3,000 is designed to trigger panic. When people feel fear, they act fast. That is exactly what the criminals want.
3) The ‘call this number now’ trick
The email pushes you to call a specific phone number. That number does not belong to Apple. Real Apple security emails tell you to visit your account directly. They do not pressure you to call a random support line.
If you call, the scammer may:
- Ask for your Apple ID password
- Request remote access to your computer
- Tell you to move money to “secure” your account
That is how the real damage begins.
4) Bold links that push you to click
The email includes bold links such as Apple Account and Apple Support. They are designed to look official and trustworthy. However, scammers often hide malicious URLs behind legitimate-looking text. When you hover over the link, the actual destination may be a completely different website. That is why you should never click links inside a suspicious email. Instead, open a new browser window and type the official website address yourself.
5) Mixed messages about passwords and payments
The subject mentions an app-specific password. The body suddenly talks about a PayPal transaction. That mismatch is a major warning sign. Scammers often combine multiple fears into one message to increase urgency.
6) Generic greeting
The email opens with “Dear Customer.” Apple typically addresses you by your name. Generic greetings are common in bulk phishing emails.
SPYWARE CAN HIGHJACK YOUR PHONE IN SECONDS
A fake Apple email claiming a $2,990 PayPal charge is targeting inboxes in a new impersonation scam. (Qilai Shen/Bloomberg via Getty Images)
More subtle signs this is a scam
There are several additional details that help confirm this is not real.
The reply-to address may look legitimate at first glance
In this case, the Reply-To field shows appleid-usen@email.apple.com, which appears to be an official Apple domain. However, a familiar-looking domain does not automatically prove an email is legitimate. Scammers can spoof visible sender information. They can manipulate display names and certain header fields so a message appears to come from a trusted company. Most people never see the deeper technical authentication details, such as SPF, DKIM or DMARC validation. That means a legitimate-looking sender address can still appear in a fraudulent message. When evaluating a suspicious Apple app-specific password email, weigh all the red flags together, not just the reply-to address.
If the email also includes:
- A mismatched “To” field
- A large unexpected payment
- An urgent phone number
- Mixed messaging about passwords and PayPal
Those warning signs matter far more than a familiar-looking domain.
The payment language feels forced
The email says: “You authorized a USD 2,990.02 payment to apple.com using PayPal.” That wording feels stiff and unnatural. Apple receipts usually reference specific products, subscriptions or invoice details. They do not vaguely reference a large PayPal payment tied to a password notification. The mismatch between a password alert and a major payment should raise suspicion immediately.
The masked email formatting looks odd
The message shows a masked address with dots and an unusual domain, such as relay.quickinvoicesus.com. That is not standard Apple formatting. Apple typically references your Apple ID directly, not an unrelated invoice-style domain. That strange domain inclusion is another strong indicator that this email is fraudulent.
The pressure to act fast
The message urges you to call immediately to report an unauthorized transaction. High urgency is a hallmark of phishing. Legitimate companies encourage you to log in securely to your account. They do not rush you into calling a third-party phone number. When you feel rushed, pause. Scammers rely on speed and emotion.
What this scam is really trying to do
This is a refund scam disguised as a security alert.
The goal is simple. Get you to call the fake support number. Once you are on the phone, the scammer may:
- Ask for your Apple ID password
- Request remote access to your computer
- Guide you through fake refund steps
- Steal banking or PayPal information
In many cases, victims lose far more than the fake $2,990 charge mentioned in the email.
How to check your Apple account safely
If you receive this type of message, pause. Then take control. Instead of clicking links in the email:
- Open a new browser window
- Type appleid.apple.com directly into the address bar
- Log in and review your account activity
If you did not generate an app-specific password and you see no suspicious charges, you are safe. You can also check your PayPal account directly by typing paypal.com into your browser. Never rely on links or phone numbers inside a suspicious email.
Apple app-specific password scam email checklist
Use this simple checklist the next time you get a scary email:
- The “To” field does not match your email
- The greeting says Dear Customer
- There is a large unexpected charge
- You are told to call a number immediately
- The topic feels mismatched, such as password plus payment
If several of these appear together, you are almost certainly dealing with a scam.
Why Apple and PayPal impersonation scams keep working
Apple has billions of users. PayPal has hundreds of millions more. Both brands are trusted, widely used and connected to sensitive financial information. When criminals attach Apple’s name to a message, people pay attention. When they add PayPal and a large dollar amount, the fear intensifies. That combination is powerful. It blends account security concerns with financial panic. Many people react before they pause to verify the details. That split second of fear is exactly where scammers make their money.
“PayPal does not tolerate fraudulent activity, and we work hard to protect our customers from evolving phishing scams,” a PayPal spokesperson told CyberGuy. “We always encourage consumers to practice vigilance online and to learn how to spot the warning signs of common fraud. We recommend reviewing our best practice tips for avoiding phishing schemes on the PayPal Newsroom, and contacting Customer Support directly through the PayPal app or our Contact page for assistance if you believe you have been targeted by a scam.”
CyberGuy also reached out to Apple for comment.
TAX SEASON SCAMS 2026: FAKE IRS MESSAGES STEALING IDENTITIES
The fraudulent message combines an app-specific password alert with a PayPal charge to create panic. (Christian Charisius/picture alliance via Getty Images)
How to protect yourself from Apple phishing emails
You can reduce your risk from an Apple app-specific password scam email with a few smart habits. These steps protect more than just your Apple account. They protect your entire digital life.
1) Use two-factor authentication
Enable two-factor authentication (2FA) on your Apple ID, PayPal and email accounts. Even if someone guesses your password, they still cannot log in without the second verification step. That extra layer blocks most account takeover attempts.
2) Never click links or call numbers in suspicious emails
If an email tells you to call support or click a link, stop. Instead, open a new browser window and type the official website address yourself. Go directly to appleid.apple.com or paypal.com. Also, make sure you have strong antivirus software installed on your devices. Strong antivirus tools can detect malicious links, block phishing sites and warn you before you land on a fake login page. That protection matters because one click on the wrong link can expose login credentials or install hidden malware. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Watch for urgency and fear tactics
Scammers push urgency. They use large dollar amounts and phrases like unauthorized transaction to rush you. Pause when you feel panic. Review the details carefully. Legitimate companies do not pressure you into instant action.
4) Keep your devices updated
Install software updates on your phone and computer as soon as they become available. Security patches fix vulnerabilities that attackers exploit. Outdated software makes phishing and malware attacks easier to pull off.
5) Use a password manager and strong, unique passwords
Do not reuse passwords across accounts. If one site gets breached, reused passwords put everything else at risk. A password manager generates long, complex passwords and stores them securely. That way, even if scammers trick you into entering one password somewhere, it will not unlock your other accounts.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
6) Reduce your exposed personal information
Scammers often find your email address and personal details through data broker sites. Using a reputable data removal service can reduce how much of your personal information is publicly available online. When less of your data floats around the internet, criminals have fewer tools to target you with convincing phishing emails. Less exposure means fewer personalized scams landing in your inbox. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
7) Report the phishing email
Forward suspicious Apple impersonation emails to reportphishing@apple.com. You can also mark the message as phishing in your email provider. Reporting scams helps improve filters and protect other people from falling victim.
8) Monitor your financial accounts
Even if you did not click anything or call the number, review your bank, PayPal and Apple accounts for unusual activity over the next few days. Early detection limits damage. The faster you spot fraud, the easier it is to reverse.
9) Consider freezing your credit if information was exposed
If you entered personal information or downloaded anything suspicious, consider placing a free credit freeze with Equifax, Experian and TransUnion. A credit freeze prevents criminals from opening new accounts in your name. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.”
Kurt’s key takeaways
If you received an Apple app-specific password email with a $2,990 charge you did not authorize, trust your instincts. It is almost certainly a scam. Do not call the number. Do not click the links. Go directly to your official account pages and check for yourself. A few calm minutes can save you thousands of dollars and hours of stress.
When phishing scams use trusted brands like Apple so easily, is the tech industry truly staying ahead of cybercriminals? Let us know your thoughts by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
Microsoft Edge is adding a new feature that will allow its Copilot AI chatbot to gather information from all of your open tabs. When you start a conversation with Copilot, you can ask the chatbot questions about what’s in your tabs, compare the products you’re looking at, summarize your open articles, and more.
In its announcement, Microsoft says you can “select which experiences you want or leave off the ones you don’t.” The company is retiring Copilot Mode as well, which could similarly draw information from your tabs but offered some agentic features, like the ability to book a reservation on your behalf. Microsoft has since folded these agentic capabilities into its “Browse with Copilot” tool.
Several other AI features are coming to Edge, including an AI-powered “Study and Learn” mode that can turn the article you’re looking at into a study session or interactive quiz. There’s a new tool that turns your tabs into AI-powered podcasts as well, similar to what you’d find on NotebookLM, and an AI writing assistant that will pop up when you start entering text on a webpage.
You can also give Copilot permission to access your browsing history to provide more “relevant, high-quality answers,” according to Microsoft. Copilot in Edge on desktop and mobile will come with “long-term memory” as well, which can tailor its responses based on your previous conversations. And, when you open up a new tab, you’ll see a redesigned page that combines chat, search, and web navigation, along with the Journeys feature, which uses AI to organize your browsing history into categories that you can revisit.
Meanwhile, an update to Edge’s mobile app will allow you to share your screen with Copilot and talk through the questions about what you’re seeing. Microsoft says you’ll see “clear visual cues” when Copilot is active, “so you know when it’s taking an action, helping, listening, or viewing.”
NEWYou can now listen to Fox News articles!
If you bought a newer iPhone because Apple made Siri sound like it was about to become your personal artificial intelligence sidekick, you may want to pay attention.
Apple has agreed to pay $250 million to settle a class-action lawsuit over claims that it misled customers about new Apple Intelligence and Siri features. The case centers on the iPhone 16 launch and certain iPhone 15 models that were marketed as ready for Apple’s next wave of AI. The settlement still needs court approval, and Apple denies wrongdoing.
The lawsuit argues that Apple promoted a smarter, more personal Siri before those features were actually available. For some buyers, that was a big deal. A new iPhone can cost hundreds of dollars, and many people upgrade only when they think they are getting something meaningfully new.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
WHY IPHONE USERS ARE THE NEW PRIME SCAM TARGETS
U.S. buyers of certain iPhone 16 and iPhone 15 Pro models may qualify for payments if a judge approves Apple’s proposed settlement. (Getty Images)
What Apple is accused of promising
Apple introduced Apple Intelligence in June 2024 and promoted it as a major step forward for iPhone, iPad and Mac. A key part of that pitch was a more personalized Siri that could understand context, work across apps and help with everyday tasks in a more useful way.
The lawsuit claims Apple’s marketing made consumers believe those advanced Siri features would arrive with the iPhone 16 or soon after. Instead, buyers received phones that had some Apple Intelligence tools, but not the full Siri overhaul that many expected.
That gap is the heart of the case. Plaintiffs say customers bought or upgraded devices based on AI features that were not ready. Apple says it has rolled out many Apple Intelligence features and settled the case, so it can stay focused on its products.
How much money could iPhone owners get?
The proposed settlement creates a $250 million fund. Eligible customers who file approved claims are expected to receive at least $25 per eligible device. That amount could rise to as much as $95 per device, depending on how many people file claims and other settlement factors.
That means this will not be a huge payday for most people. Still, if you bought one of the covered phones, it may be worth watching for a claim notice. A few minutes of paperwork could put some money back in your pocket.
Which iPhones may qualify?
The proposed settlement covers U.S. buyers who purchased any iPhone 16 model, iPhone 15 Pro or iPhone 15 Pro Max between June 10, 2024, and March 29, 2025.
Covered iPhone 16 models include the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, iPhone 16 Pro Max and iPhone 16e. The settlement also includes the iPhone 15 Pro and iPhone 15 Pro Max, but not every iPhone 15 model.
The key details are the device model, the purchase date and whether the phone was bought in the United States.
HOW YOU CAN GET A SLICE OF APPLE’S $250M IPHONE SETTLEMENT
Apple has agreed to pay $250 million to settle claims it misled customers about Apple Intelligence and Siri features on newer iPhones. (Michael Nagle/Bloomberg)
How will you file a claim?
You do not need to do anything immediately. The settlement still needs a judge’s approval. Once the claims process opens, eligible customers are expected to receive a notice by email or mail with instructions on how to file through a settlement website.
That notice matters because scammers love moments like this. A real settlement notice should not ask for your Apple ID password, bank login or payment to claim your money. If you receive a message about this settlement, do not click blindly. Go slowly, check the sender and look for the official settlement administrator details once they are available.
Why this case matters beyond one Siri feature
This case hits a bigger nerve. Tech companies are racing to sell AI as the next must-have feature. That creates a problem for shoppers. You are often asked to buy now based on what a company says will arrive later.
That can be frustrating when the feature is the reason you upgraded. A smarter Siri sounds useful. A phone that can understand your personal context, search across apps and help with daily tasks could save time. But if those tools are delayed, limited or missing, the value of the upgrade changes.
This settlement also sends a message about AI marketing. Companies can talk about future features, but consumers need clear timing and plain explanations. “Coming soon” can mean very different things when you are spending $800, $1,000 or more.
We reached out to Apple for comment, but did not hear back before our deadline.
FIRST 15 THINGS TO DO OR TRY FIRST WHEN YOU GET A NEW IPHONE
Apple denies wrongdoing but agreed to settle claims tied to its marketing of Apple Intelligence and Siri features. (Qilai Shen/Bloomberg)
What this means to you
If you bought a covered iPhone during the settlement period, keep an eye on your email and regular mail. You may qualify for a payment if the court approves the deal.
You should also keep your receipt or proof of purchase if you have it. Your Apple purchase history, carrier account or retailer receipt may help if the claim process asks for details.
More broadly, this is a reminder to treat AI features like any other big tech promise. Before you upgrade, ask one simple question: Can the feature do what is being advertised today, or is the company asking me to wait?
That question can save you from buying a device for a future feature that may arrive much later than expected.
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my quiz here: CyberGuy.com.
Kurt’s key takeaways
Apple has built its brand on making technology feel polished, personal and easy to use. That is why this Siri settlement hits a nerve. People were buying phones they use every day for texts, photos, directions, reminders and everything in between. Many expected AI to make those everyday tasks easier, which is why the delay felt frustrating. The proposed payout may be modest, but the bigger issue is trust. When a company sells AI as a reason to upgrade, customers deserve to know what actually works now and what is still coming later.
Would you still buy a new phone for promised AI features, or would you wait until they actually show up? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Instagram is once again cribbing from competitors like Snapchat and BeReal with a new photo-sharing format it calls “Instants,” which are ephemeral photos that you can’t edit and that you can only share with your close friends or followers that follow you back. Instants are available globally beginning on Wednesday as a feature in the inbox in the Instagram app and as a separate app that’s now in testing in select countries.
To access Instants from the Instagram app, go to your DM inbox and look in the bottom-right corner for an icon or a stack of photos. After you post a photo, your friends can emoji react to it and send a reply to your DMs, but after they see it, the photo disappears for them. Instants also disappear after 24 hours, and they can’t be captured in screenshots or screen recordings.
However, your Instants will remain in an archive for you for up to a year, and you can reshare them as a recap to your Instagram Stories if you’d like. You can also undo sending an Instant right after you post it or delete it from your archive.
The Instants mobile app, which popped up in Italy and Spain in April, gives you “immediate access to the camera” and only requires an Instagram account, Instagram says. “Instants you share on the separate app will show up for friends on Instagram and vice versa. We’re trying this separate app out to see how our community uses it, and we’ll continue to evolve it as we learn more.”
Instagram, in its testing, has seen that people “tend to use Instants to share much more casual, much more authentic moments about their day,” according to Instagram boss Adam Mosseri. “And we know that this type of sharing of personal moments with friends is a core part of what makes Instagram Instagram, but we also know that a lot of people don’t really share a lot to their profile grids anymore.”
-
Arizona3 minutes agoArizona’s mountain rollercoasters are open for season. How to ride
-
Arkansas9 minutes agoArkansas Storm Team Forecast: Rain chances return; low to start but higher next week
-
California15 minutes agoOpinion | California will make less money from greenhouse gas emission auctions
-
Colorado21 minutes agoLive: Day 1 of Colorado high school state track and field meet
-
Connecticut27 minutes agoBUILDing Connecticut’s Capital City: Unique UConn Course Celebrates Five Years of Partnership, Collaboration, and Hartford Stories – UConn Today
-
Delaware33 minutes agoHistory of Delaware outdoor track and field state championships
-
Florida39 minutes agoLake O had 81 algal blooms in 2 years near Florida slaughterhouse site
-
Georgia45 minutes agoGeorgia Power proposal comes as summer cooling costs are expected to rise