Cybercriminals just discovered a clever way to sneak past email security filters and land directly in your main inbox, reports Bleeping Computer. They are now abusing the official Apple account alert system to send highly convincing phishing messages. By manipulating the automated emails that the tech giant sends out for routine profile updates, hackers successfully trick users into calling fake customer support hotlines to steal their money.
Attackers hide fake messages inside legitimate profile update emails
The core of this scam relies on tricking the official notification system. The attacker creates an account and types a custom phishing message directly into the name or address fields. For example, it might claim that an expensive new phone was just purchased on your account.
Next, the hacker triggers a routine security alert by changing a minor detail on that profile. When the system automatically generates an email to notify the user about the change, it includes the fake message. The victim simply sees a terrifying alert about a massive financial charge.
The emails bypass normal security filters because they are real
This method is incredibly dangerous because the warning email actually comes from a verified company server. It is not a spoofed address. Because the message originates from the official infrastructure, standard email security filters simply let it pass through into the primary inbox.
Most spam filters look for malicious web links or suspicious sender addresses. Since this message uses a trusted sender and asks the victim to call a phone number instead of clicking a link, the security tools see nothing wrong.
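A defender-side check for the pattern described above, added here as an example (it is not code from the article, from Bleeping Computer, or from Apple): it parses a constructed notification, treats a passing SPF/DKIM result as expected for genuine infrastructure rather than as a clean bill of health, and instead inspects the echoed profile fields for phone numbers, lure wording and abnormal length. The field names, both sample messages and the Authentication-Results layout are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: a profile-update notice that authenticates cleanly but
# whose user-controlled Name field carries the callback lure (not a real message).
SAMPLE_ALERT = """\
From: Example Notifications <no-reply@notifications.example.com>
Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=example.com
Subject: Your account profile was updated

The following details on your account were changed:

  Name: A purchase of $1,299 for a new phone was made. If this was not you call +1-800-555-0199 immediately
  Street: 1 Example Way
"""

# Constructed benign notice for comparison.
BENIGN_ALERT = """\
From: Example Notifications <no-reply@notifications.example.com>
Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=example.com
Subject: Your account profile was updated

The following details on your account were changed:

  Name: Jane Q. Example
  City: Springfield
"""

# Profile fields echoed in the notice are attacker-controlled, so inspect their content.
FIELD_RE = re.compile(r"^\s*(Name|Street|Address|City)\s*:\s*(.*)$", re.M)
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{7,}\d")  # phone-number-like digit run
LURE_RE = re.compile(r"\b(call|purchase|charged|refund|immediately)\b", re.I)

def assess_alert(raw: str) -> dict:
    """Flag a notification whose user-supplied fields read like a callback lure."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    authenticated = "spf=pass" in auth and "dkim=pass" in auth
    findings = []
    for field, value in FIELD_RE.findall(msg.get_payload()):
        if PHONE_RE.search(value):
            findings.append(f"{field}: contains a phone number")
        if LURE_RE.search(value):
            findings.append(f"{field}: contains lure wording")
        if len(value) > 60:
            findings.append(f"{field}: unusually long ({len(value)} chars)")
    # A passing SPF/DKIM result is expected here and must not clear the message.
    return {"authenticated": authenticated, "findings": findings,
            "suspicious": bool(findings)}
```

The sample lure is flagged three times (phone number, lure wording, length) even though it authenticates, while the benign notice produces no findings.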
Never call the phone numbers listed inside these account alerts
This type of attack is known as callback phishing. The criminals want you to panic and call the fake customer service number listed in the email. Once you are on the phone, the scammers will try to steal your credit card details or convince you to install remote access software.
If you ever receive an unexpected email claiming a massive purchase was made, take a deep breath. Do not call the phone number provided in the message. Instead, log in to your account directly through a web browser to check your official purchase history.
