The Apple iPhone Scam Targeting Millions; Protect Yourself.

I got a message this week from a woman in our community; sharp, careful, not the type to fall for anything obvious. She forwarded me a text she had received that looked exactly like it came from Apple. Professional logo. Proper formatting. Polite but urgent tone. It said there was suspicious activity on her Apple Pay account and she needed to verify her identity immediately.

She almost clicked it.

She didn't, because something felt slightly off. But she told me she genuinely wasn't sure. And if she wasn't sure, I have a feeling a lot of you might not be either.

So let's talk about what's going on, because this one is more sophisticated than most.

What's Actually Happening Right Now

Apple has issued warnings about a scam that is actively hitting millions of iPhones.

It's not new exactly, but it has gotten significantly more sophisticated in 2026, and the number of people being hit is climbing fast.

The scam works through text messages that look like they're from Apple. They warn you about fraud on your Apple Pay account, or a problem with your Apple ID, or an unauthorized purchase you definitely didn't make.

Urgent. Official-looking. Scary enough to make you act without thinking.

That's the whole point.

The Trick That Makes This One Different

Here's the part I really want you to understand, because this is clever in a genuinely unsettling way.

Apple's iMessage has built-in protection that automatically disables links from unknown senders. You can see the link but you can't click it. It's greyed out. Apple does this on purpose to protect you from exactly this kind of thing.

So the scammers found a workaround.

The text message will say something like:

"Please reply Y to continue, or go to our website to manage your preferences."

Or: "Reply STOP to unsubscribe."

Sounds harmless, right? Like a standard opt-out.

It is not harmless. The moment you reply, even with the word STOP, Apple's system treats the sender as someone you have interacted with. Someone you know. And it re-enables the link.

You just unlocked the door for them.

What Happens If You Click

The link takes you to a fake Apple login page. And these pages are good. We're not talking about obvious, janky knockoffs anymore. These look exactly like Apple's real website; proper Apple logo, proper fonts, HTTPS padlock in the address bar, the whole thing.

You enter your Apple ID and password. Maybe your two-factor authentication code as well, because the fake site prompts you for that too.

And on the other end, someone sitting at a computer captures all of it in real time. Logs into your actual Apple account. Changes your password. And if you have a credit card or bank account linked to Apple Pay, they go to work immediately.

The whole thing can happen in minutes.

Who They Are Specifically Targeting

I'll be honest with you about something, because I think you deserve honesty over comfort.

Security researchers have specifically identified older iPhone users as the primary targets of this scam.

Not because older adults are less intelligent. That's not it at all. It's because older adults tend to trust the Apple brand deeply, and these scammers are exploiting exactly that trust. They know that someone who has used an iPhone for years and has never had a problem with Apple is more likely to take an Apple-branded warning seriously.

That trust is not a weakness. But it is something scammers are counting on. And knowing that is half the battle.

How to Protect Yourself — Right Now

Here's exactly what to do. None of this is complicated. Promise.

Rule 1: Never reply to an unsolicited text claiming to be from Apple. Ever.

Not "Y." Not "STOP." Not "NO." Nothing. Do not reply.

Apple does not communicate account problems through unsolicited text messages. Full stop. If Apple needs to reach you about your account, there will be a notification inside the Settings app on your phone, not a random text out of nowhere.

Rule 2: Never click a link in a text message about your Apple account.

Even if the link looks legitimate. Even if the message looks exactly like something Apple would send.

If you are worried there might be a real problem with your Apple account and sometimes there is, because real fraud happens, here's what you do instead; open the Settings app on your iPhone, tap your name at the top, and check your account directly. No link required.

Rule 3: Go to Apple's website directly if you're concerned.

Type apple.com into your browser yourself. Don't click anything. Go straight to the source.

Rule 4: Turn on Stolen Device Protection if you haven't already.

This is a setting Apple quietly added that adds an extra layer of security if someone tries to change your Apple ID password from an unfamiliar location. Here's how to turn it on:

1. Open Settings

   
   

2. Tap Face ID & Passcode (or Touch ID & Passcode)

   
   

3. Enter your passcode

   
   

4. Scroll down to Stolen Device Protection

   
   

5. Tap Turn On Protection

   
   

Done. Takes 45 seconds. Worth it.

Rule 5: Use a strong, unique password for your Apple ID — and turn on two-factor authentication.

If you're using the same password for Apple that you use for your email or your bank, please change it today. If two-factor authentication isn't turned on, go to Settings → your name → Password & Security → Two-Factor Authentication and turn it on.

I know. Passwords. Two-factor. Not exactly a fun afternoon. But one afternoon of setup versus a drained bank account, that's not a hard choice.

If You Think You Already Clicked

First, don't panic. But do move quickly.

Step 1: Go to appleid.apple.com — type it yourself, don't click any link — and change your Apple ID password immediately.

Step 2: Sign out of all devices. On the same page, you'll see a list of every device signed into your Apple account. Sign out of everything and sign back in fresh.

Step 3: If you entered any banking or credit card information, call your bank right now. Tell them what happened. Ask them to flag your account for unusual activity.

Step 4: Report it. In Canada, go to antifraudcentre-centreantifraude.ca. In the US, reportfraud.ftc.gov. In the UK, actionfraud.police.uk.

One Last Thing

The woman who messaged me this week? She forwarded that text to her daughter, her sister, and three friends before she'd even finished reading my reply.

That's the right instinct. Share this one. Stick it on your fridge if you have to. Because this scam is going to catch someone you care about if nobody says anything.

You just said something by reading this far.

➡️ Want to know the official resources for reporting any kind of fraud? [Read: How to Report a Scam — Canada, USA, UK and Europe].

➡️ Worried about what else might be on your phone without your knowledge? [Read: How to See Everything Google Knows About You Right Now].

Has anyone in our community received one of these Apple texts recently? Did something feel off about it, or did it look convincing? Drop a comment below. The more we share about what these actually look like, the harder they are to fall for.