Technology

Real Apple support emails used in new phishing scam

Published

3 months ago

December 1, 2025

Real Apple support emails used in new phishing scam

NEWYou can now listen to Fox News articles!

A new phishing scam is getting a lot of attention because it uses real Apple Support tickets to trick people into giving up their accounts. Broadcom’s Eric Moret shared how he nearly lost his entire Apple account after trusting what looked like official communication. He described the full experience in a detailed post on Medium, where he walked through the scam step by step.

This scheme stands out because the scammers relied on Apple’s own support system to make their messages look legitimate. They created an experience that felt polished and professional from the first alert to the final phone call. Here’s how the scam unfolded.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

THE #1 GOOGLE SEARCH SCAM EVERYONE FALLS FOR

Scammers are exploiting real Apple Support tickets to trick users into handing over their accounts, experts warn. (Photo by STR/NurPhoto via Getty Images)

How the scam starts

Moret first received a flood of alerts. These included two-factor authentication notifications that claimed someone was trying to access his iCloud account. Within minutes, he got phone calls from calm, helpful callers who claimed to be Apple agents ready to fix the issue.

The twist is how convincing the entire setup felt. The scammers were able to exploit a flaw in Apple’s Support system that lets anyone create a genuine support ticket without verification. They opened a real Apple Support case in his name, which triggered official emails from an Apple domain. This built instant trust and lowered Moret’s guard.

How scammers gained access to the account

During a 25-minute call, the fake agents guided Moret through what they said would secure his account. They walked him through the steps to reset his iCloud password. They also told him a link would follow so he could close the case.

That link took him to a fake site called appeal apple dot com. The page looked official and claimed his account was being secured. It then told him to enter a six-digit code sent by text to finish the process.

When Moret entered that code, the scammers got exactly what they needed to sign into his account.

He then got an alert that his Apple ID had been used to sign into a Mac mini he did not own. That confirmed the takeover attempt. Even though the scammer on the phone said this was normal, he trusted his instinct. He reset his password again, which kicked them out and stopped the attack.

BEWARE FAKE CREDIT CARD ACCOUNT RESTRICTION SCAMS

A Broadcom executive says he nearly lost access to his Apple ID after trusting a fraudulent support call that looked legitimate. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

How to protect yourself from the Apple Support ticket scam

This type of scam works because it feels real. The messages look official, and the callers sound trained. Still, you can stay safer by watching out for signs that something is off.

1) Verify support tickets inside your Apple account

Scammers created a real-looking ticket to make the entire experience seem legitimate. You can confirm what’s real by checking directly with Apple. Sign in at appleid.apple.com or open the Apple Support app to view your recent cases. If the case number isn’t listed there, the message is fake, even if the email comes from an Apple domain.

2) Hang up and call Apple yourself

Never stay on a call that you did not initiate. Scammers rely on long conversations to build trust and pressure you into quick decisions. Hang up right away and call Apple Support directly at 1-800-275-2273 or through the Support app. A real agent will quickly confirm whether anything is wrong.

3) Check your Apple ID device list

If something feels off, look at the devices signed into your account. Go to Settings, tap your name and scroll to see all devices linked to your Apple ID. Remove anything you don’t recognize. This step can stop attackers fast if they’ve managed to get in.

4) Never share verification codes

No real support agent will ever ask for your two-factor authentication codes. Treat any request for these codes as a major warning.

5) Check every link carefully

Look closely at URLs. Fake sites often add extra words or change formatting to appear real. Apple will never send you to a site like appeal apple dot com.

SCAMMERS ARE ABUSING ICLOUD CALENDAR TO SEND PHISHING EMAILS

Criminals are using Apple’s own support system to generate real case emails that build false confidence with victims. (Photo by Fairfax Media via Getty Images via Getty Images)

6) Use strong antivirus software

Strong antivirus software can spot dangerous links, unsafe sites, and fake support messages before you tap them. Anti-phishing tools are especially important with scams like this one since the attackers used a fake site and real ticket emails to trick victims.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

7) Use a data removal service

Data brokers collect your phone number, home address, email, and other details that scammers use to personalize attacks. A data removal service can wipe much of that information from broker sites, which makes you a harder target for social engineering attempts like the one described in this article.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

8) Turn on strong multi-layer protection

Keep two-factor authentication (2FA) on for every major account. This creates a barrier that quickly stops attackers.

9) Slow down before reacting

Scammers want you to panic. Pause before you act. Trust your instinct when something feels rushed or strange. A short delay could save your entire account.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

This scam shows how convincing criminals can be when they exploit real systems. Even careful users can fall for messages that look official and calls that sound professional. The best defense is to stay alert and take a moment before responding to anything unexpected. When you slow down, double-check support tickets, and never share verification codes, you make yourself far harder to fool. Adding layers like antivirus protection and data removal services also gives you more control over what attackers can access. These simple habits can stop even the most polished scams before they get to your accounts.

What would you do if you got a support call that felt real but didn’t seem right? Let us know by writing to us at Cyberguy.com

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:apple email Featured Privacy Security

Click to comment

Technology

Polymarket defends its decision to allow betting on war as ‘invaluable’

Published

3 hours ago

February 28, 2026

Press Room

Polymarket defends its decision to allow betting on war as ‘invaluable’

It might be World War III, but at least I won $20. | Image: Polymarket / The Verge

Polymarket has been allowing people to bet on when the US would strike Iran next. Obviously, now that it’s actually happened and people have died, the prediction betting market is feeling some pressure. The site has been at the center of controversy before, including suspicions of insider trading on the Super Bowl halftime show and the capture of Venezuelan President Nicolás Maduro.

In a statement posted on its site, Polymarket defended its decision to allow betting on the potential start of a war, saying that it was an “invaluable” source of news and answers, before taking shots at traditional media and Elon Musk’s X. The statement reads:

…

Read the full story at The Verge.

Technology

Google dropped dark web monitoring: Should you care?

Published

4 hours ago

February 28, 2026

Press Room

Google dropped dark web monitoring: Should you care?

NEWYou can now listen to Fox News articles!

Google has officially discontinued its Dark Web Report feature, a free tool that once scanned known dark web breach dumps for personal information tied to a user’s Google account. The service delivered notifications when email addresses and other identifiers appeared in leaked datasets.

According to Google’s support page, the system ceased scanning for new dark web data Jan. 15, 2026, and the reporting function was removed entirely on Feb. 16, 2026, meaning users can no longer access the feature.

The company said the decision reflects a shift toward security tools it believes provide clearer guidance after exposure, rather than standalone scan alerts.

If you previously relied on the free dark web scan as an early warning signal for leaked data, this change removes one of your sources.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Google officially ended its Dark Web Report tool, removing free breach alerts tied to user accounts. (Kurt “CyberGuy” Knutsson)

So what did users really lose?

Google’s Dark Web Report acted as a basic exposure scanner. It checked whether personal information linked to a Google account had surfaced in known breach collections circulating on the dark web.

When a match is found, users receive a notification identifying which type of data appeared in a leak. Depending on the data breach, that could include an email address, phone number, date of birth or other identifying details commonly harvested during large-scale hacks.

The report did not display stolen credentials or provide access to the leaked database itself. It also did not trace the origin of the compromise beyond referencing the breached service when available.

After an alert was issued, the next steps were left to the user. Google recommended actions such as changing passwords, enabling stronger authentication methods and reviewing account security settings. With the tool now removed, that automated breach check tied directly to a Google account is no longer available.

What you still have access to

Google directs users to its Security Checkup, a dashboard that scans your account for weak settings and unusual sign-in activity.

Its built-in Password Manager includes Password Checkup, which scans saved credentials against known breach databases and prompts you to change exposed passwords. Google also supports passkeys and two-factor verification to lock down account access.

The Results About You tool lets users search for personal information in Google Search and submit removal requests for certain publicly indexed details.

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

Without the automatic scan, users must now check for leaked data using other security tools. (iStock)

Alerts don’t always mean protection

Once personal information is compromised, it often ends up far beyond the breach itself. Stolen credentials and identity data are regularly trafficked on underground platforms where buyers can search for information tied to real people.

The BidenCash dark web marketplace was taken down by U.S. authorities in June 2025, and the Justice Department confirmed that the platform peddled stolen personal information and credit card data.

These illicit markets operate with a level of organization not unlike legitimate online stores. Search tools and bulk data sets are up for grabs and can be used to target any online account. This makes credential stuffing easier, where attackers test leaked passwords across multiple services in hopes of barreling into your account.

A breach alert tied to a dark web scan points to a leak at one moment in time; it does not follow whether that information has been sold to third parties or used in subsequent fraud attempts. For everyday users, this means that just knowing your data appeared in a leak doesn’t help much.

THINK YOUR NEW YEAR’S PRIVACY RESET WORKED? THINK AGAIN

Stolen personal information can circulate for years, making ongoing monitoring more important than a one-time alert. (Kurt “CyberGuy” Knutsson)

Identity monitoring may be a better option

With Google’s scan gone, some people may consider dedicated identity protection services instead. Many of these services offer continuous monitoring of your personally identifiable information and send alerts about changes to your credit reports from all three major U.S. credit bureaus. That can include notifications about new inquiries, newly opened accounts and monthly credit score updates. Some plans also monitor a broader range of personal identifiers, such as driver’s license numbers, passport numbers and email addresses.

Beyond credit monitoring, certain services track linked bank, credit card and investment accounts for unusual activity. They may also monitor public records for changes to addresses or property titles and alert you if your information appears in those filings.

Many providers include identity theft insurance to help cover eligible out-of-pocket recovery costs. Coverage limits vary by plan and provider. Additional features often include spam call and message protection, a password manager, a virtual private network (VPN) and antivirus software.

No service can prevent every form of identity theft. However, ongoing monitoring and recovery support can make it easier to respond quickly if your information is misused.

See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.

Kurt’s key takeaways

Google’s decision to drop its Dark Web Report may seem small. But it removes a tool many users relied on. For some, those alerts were the first warning that their data appeared in a breach. That automatic scan is now gone. Google still offers Security Checkup, Password Checkup, passkeys and two-step verification. However, none of them actively scan dark web breach dumps for you. Stolen data does not disappear. Criminals copy, sell and reuse it. One alert shows a single moment. Ongoing identity theft monitoring helps you stay aware over time.

Now that Google has dropped its dark web monitoring feature, will you actively check your data exposure or assume someone else is watching it for you? Let us know your thoughts by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

Xiaomi 17 is a small(ish) phone with a big(ish) battery

Published

15 hours ago

February 28, 2026

Press Room

Xiaomi 17 is a small(ish) phone with a big(ish) battery

Xiaomi has just given a global launch to two of its latest flagship phones, the Xiaomi 17 and 17 Ultra, along with a Leica-branded Leitzphone edition of the Ultra. There’s no sign, however, of the 17 Pro, which launched in China with an additional display mounted next to the rear cameras.

The 17 and 17 Ultra will apparently be available soon in the UK, Europe, and select other markets. The 17 — pitched as a rival to the likes of the iPhone 17 and Samsung Galaxy S26 — will cost £899 / €999 (about $1,200), while the larger and more capable Ultra starts from £1,299 / €1,499 ($1,750). The limited-edition Leitzphone will be substantially more expensive at £1,699 / €1,999 ($2,300), though it includes 16GB of RAM and 1TB of storage, along with a few extra accessories.

I like the simple, sleek aesthetic of the phone.

Photo of Xiaomi 17 homescreen on a wooden table outdoors

The 6.3-inch display isn’t tiny, but it does make the phone small by modern standards.

All three of the phone’s rear cameras are 50-megapixel.

The 17 is an extremely capable small-ish flagship, with a 6.3-inch OLED display, Qualcomm Snapdragon 8 Elite Gen 5, and large 6,330mAh silicon-carbon battery (though sadly smaller than the 7,000mAh version launched in China). I won’t be writing a full review of the 17, but did spend a week using it as my main phone, and found that the battery cruised past the full-day mark, though wasn’t quite enough for two full days of my typical usage. That’s far better battery life than you’d find in similarly sized phones from Apple, Samsung, or Google.

The cameras impress too, with 50-megapixel sensors behind each of the four lenses, selfie included. Pound for pound, you won’t find many better camera systems in any phone this size.

1/10

I’ve been largely impressed by the Xiaomi 17’s cameras.

The Ultra, unsurprisingly, takes things to another level. It’s much larger, with a 6.9-inch display, and weighs a hefty 218g. Despite that, the 6,000mAh is actually smaller, though I found it delivered pretty similar longevity.

Photo of Xiaomi 17 and 17 Ultra on a table, closeup on the cameras

The 17 Ultra is larger in just about every respect, but strangely has a smaller battery.

The enormous camera is, as ever for Xiaomi’s Ultra phones, the highlight. There are 50-megapixel sensors for each of the main, ultrawide, and selfie cameras, with a large 1-inch-type sensor behind the primary lens. The periscope telephoto is even more impressive: 200-megapixel resolution, a large 1/1.4-inch sensor, and continuous optical zoom from 3.2x to 4.3x, the equivalent of 75-100mm. Xiaomi isn’t the first to pull off a true zoom phone — Sony’s Xperia 1 IV got there first in 2022 — but the telephoto camera here is far more capable than that phone’s, with natural bokeh and impressive performance even in low light.

Photo of Xiaomi 17 Ultra Leitzphone outdoors

This is the Leica-branded Leitzphone version of the 17 Ultra.

The camera capabilities are supported by Xiaomi’s ongoing photography partner Leica, but it’s the pair’s Leitzphone that really emphasizes that. Slightly redesigned from the 17 Ultra Leica Edition that was released in China last December, this includes Leica branding across the hardware and software, a range of Leica filters and shooting styles, and a rotatable rear camera ring that can be used to control the zoom. It’s the first Leica Leitzphone produced by Xiaomi — after a trio of Japan-only Sharp models — and comes with additional branded accessories, including a case with a lens cap and a microfiber cleaning cloth.

Xiaomi has plenty of other announcements alongside the 17 series phones at MWC this year, including a super-slim magnetic power bank, the Pad 8 and Pad 8 Pro tablets, and a smart tag that supports both Google and Apple’s tech-tracking networks.

Photography by Dominic Preston / The Verge

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.