If you received an email from “[email protected]” or saw the address mentioned online, it’s not Apple. This sender is commonly used in phishing campaigns that impersonate the Apple Store with fake receipts or account alerts. Below is how to verify, report it, and secure your account.
Why “[email protected]” isn’t Apple
Apple sends official mail from Apple‑owned domains (apple.com subdomains), not public webmail like @usa.com. Attackers rotate look‑alike senders during coordinated waves, which is why this address pops up repeatedly across inboxes and forums.
How to spot this scam fast
- Unexpected “order” or “receipt” you don’t recognize.
- Urgent language about account lockouts, refunds, or “approval notices.” For context, see our coverage of similar Apple scams like the Apple Approval Notice and the follow‑up wave.
- Links that don’t go to Apple domains or that mask their destination. On iPhone, long‑press a link to preview the URL; on Mac, hover to see the status bar.
- Sender domain isn’t Apple (e.g., anything ending in @usa.com).
- Requests for passwords, two‑factor codes, or payment info.
What to do now
- Don’t click links or open attachments.
- Verify purchases safely. Check your orders in the Apple Store app or your Apple Account directly — not via the email. If in doubt, secure your account: reset your Apple ID password or follow our full Apple ID recovery guide.
- Report the message. Forward suspicious emails to
[email protected]. We’ve covered Apple’s reporting path in our earlier piece on an insideapple.apple.com email scam. - Harden your account. Turn on two‑factor authentication and consider security keys for Apple ID: set up Security Keys and review our Apple ID security checklist.
Where you might see this address
- Your inbox: as the visible “From” in a fake Apple receipt.
- Search suggestions: after many people look up the address to see if it’s legit.
- Social posts & forums: screenshots or threads warning about the sender.
- Spam folder: some clients filter it automatically, but don’t rely on that.
Related guides
- Avoid “GetSupport.Apple.com” text/email scams
- How scammers force phishing texts onto phones
- Email is still the #1 attack vector — protect yourself
- Sign into your Apple Account safely
FAQ
Can Apple ever use @usa.com? No — that isn’t an Apple‑owned domain. Treat it as untrusted.
Where should I report suspicious emails? Forward them to [email protected], then delete the message. If you entered credentials, change your Apple ID password immediately and enable two‑factor authentication.