Apple "Security Alert" text scam: don't call that number
A wave of fake Apple "Security Alert" and "Apple Pay transaction blocked" texts is surging in June 2026. Unlike the usual phishing link, the payload here is a phone number. Call it, and a fake "Apple Billing" agent talks your Apple ID and card out of you.
Verdict: scam.
Apple does not text you to call a number about a blocked payment or a "security alert." Apple Support never sends unsolicited texts asking you to call a number or click a link to fix your account. If a text shows a fake amount, a store name, and a case ID and tells you to dial a number to dispute it, do not call. Open Settings > your name, or type appleid.apple.com yourself, to check your account.
What the text looks like
The message lands as an SMS or iMessage and reads like a real fraud alert. A typical one:
"Apple Security Alert: Apple Pay was used at BEST BUY for $499.00. Transaction blocked. If you did not authorize this, call Apple Fraud Prevention now at +1 (8xx) xxx-xxxx. Case ID: AP-7741920."
Everything in it is engineered to make you dial. The fake amount is high enough to scare you. The store name feels specific. The "case ID" looks official. And the instruction is not "click a link" but "call a number," which feels safer to most people than tapping an unknown URL. That is the whole trick.
This is callback phishing, sometimes called TOAD (telephone-oriented attack delivery). The scam's center of gravity is a phone call, not a website. Security companies have flagged a sharp rise in this exact Apple variant: TrendMicro wrote it up on April 23, 2026, ConsumerAffairs ran an "Apple High Alert" piece on May 19, 2026, and TechRadar reported the blocked-Apple-Pay version hitting users at scale. Apple is the second most-impersonated brand in the world right now, behind only Microsoft, per Check Point's Q1 2026 Brand Phishing Report.
What happens when you call the number
You do not reach Apple. You reach a person reading from a script in a fake "Apple Billing" or "Apple Fraud Prevention" call center. The conversation is the attack. It usually goes like this:
- They confirm the fake charge to anchor your panic. "Yes, I see a $499 Apple Pay charge at Best Buy in another state. Let me reverse it for you."
- They ask you to "verify your identity." This is where they harvest your Apple ID email and password, reading them straight into their own login screen.
- They trigger a real Apple 2FA prompt by trying to sign in as you, then ask you to read back the six-digit code "to confirm it's really you." Handing over that code completes their login.
- They push for card details "to process the refund," or ask you to install a remote-access app so they can "secure your device," or steer you toward buying gift cards to "hold" your account.
None of that is how Apple works. Apple does not cold-call you, does not ask for your password or a 2FA code over the phone, and never asks for payment in gift cards. A 2FA code is a one-time key to your account. Anyone who phones and asks you to read it out is trying to break in.
Why this dodges link scanners
Most phishing defenses look for a bad link. Callback scams remove the link on purpose. There is often nothing to scan in the text itself, just a phone number, so URL filters and "don't click suspicious links" advice slide right past it. The defense is not link-checking. It is verifying the channel: never act on the contact details inside the message. Look up Apple's real contact path yourself.
Where the campaign does include a link (some versions pair the text with an email or a "view transaction" URL), it points to a lookalike Apple-ID page that harvests your password and 2FA code. An example of the kind of domain these use, defanged so it is not clickable: apple-billing-verify[.]xyz or applepay-dispute[.]support. These are not Apple. The only domains Apple uses for account sign-in and management are apple.com, appleid.apple.com, and support.apple.com.
How to spot it in 10 seconds
- It tells you to call a number. Apple does not text you a number to call about your account. This single feature is enough to treat the message as a scam.
- A scary specific amount and a "case ID." The fake charge ($499, $899, "Apple Pay at Walmart/Best Buy/Target") and an official-looking reference number are pure theater to rush you.
- Urgency. "Transaction blocked," "act now," "your account will be suspended." Real Apple notices do not pressure you to phone a hotline immediately.
- Sender mismatch. It arrives from a random mobile number or an unfamiliar email-to-text address, not from Apple's verified messaging. Note that even a clean-looking sender proves nothing, since the From line on a text or email is easy to spoof.
- It asks for a password, a code, or card details. On the call or on a linked page, any request for your Apple ID password, a verification code, or card numbers is the tell. Apple never asks for these.
- Gift cards or remote access. If the "agent" steers you toward buying gift cards or installing an app to share your screen, hang up. That is a scam, every time.
Got a link version of this text? Check it here
Callback scams hide the payload in a phone number, so often there is no link to scan. But if your text or email includes a "view transaction" or "verify" URL, paste it below. Our 3-layer engine (Local + APIs + AI) returns a verdict in ~3 seconds. Free, no signup.
The right way to verify an Apple alert
The fix is simple: never use the number or link in the message. Use a path you choose yourself.
- Do not call the number in the text. Do not tap any link in it either. Treat the whole message as untrusted.
- Open Settings on your iPhone or iPad, then tap your name at the top. A genuine account or billing issue shows up here with a red badge. No badge means there is nothing wrong, no matter what the text claims.
- To check real charges, open the App Store, tap your photo, then Purchase History, or review your card statement directly with your bank's app. Apple Pay transactions also appear in the Wallet app.
- Go to appleid.apple.com by typing it yourself. Sign in there to review devices and security. If there were a real lock or alert, the real page tells you, not a text.
- If you want Apple, get the number from support.apple.com directly. Never the number a text handed you.
If you already called or gave information
Move fast. Attackers use stolen Apple ID credentials within minutes. Work down this list in order.
- Change your Apple ID password now at appleid.apple.com or in Settings > [your name] > Sign-In & Security > Change Password. Use a long, unique password you have not used elsewhere.
- If you read out a 2FA code, assume they got into your account. Change the password first, then review and remove any unfamiliar trusted devices in Settings > [your name].
- Call your bank or card issuer if you shared card details, and freeze or replace the card. If you sent money or bought gift cards, tell them immediately and keep the receipts.
- If you installed a remote-access app, delete it, then change passwords from a different, trusted device. Run a security check on the device.
- Review Apple ID payment methods and recent purchases in Settings and the App Store. Report unauthorized charges at reportaproblem.apple.com.
- Report the scam using the channels below so the number and any pages get taken down faster.
If you are still shaken and unsure what to handle first, our step-by-step guide on what to do right after a scam walks through it in order.
How to report a fake Apple text
- Report it to Apple. Take a screenshot of the text and email it to [email protected]. If it came as an iMessage, you can also tap Report Junk under the message, which sends it to Apple and deletes it.
- Forward the text to 7726 (SPAM) so your wireless carrier can block the sender.
- File with the FTC at reportfraud.ftc.gov.
- If you lost money or shared account details, file with the FBI at ic3.gov.
Why callback scams are spreading
Phishing got harder for attackers as inbox filters and link scanners improved. So they moved the payload off the wire and onto the phone. A text with no link sails through SMS filters. A live human on the call can adapt to your doubts in real time, reassure you, walk you past every hesitation, and apply pressure no static phishing page ever could.
Apple branding is the perfect cover because the Apple ID is a master key: iCloud photos and backups, Apple Pay cards, App Store subscriptions, Find My device locations, and the iCloud Keychain that auto-fills your other passwords. One compromised Apple ID can cascade into your bank, your email, and your other logins. That leverage is exactly why Apple sits at number two on the most-impersonated list, and why the "call this number" lure keeps getting reused.
Where SafeBrowz fits, honestly
A browser extension cannot block a phone call, and we are not going to pretend otherwise. When the payload is purely a phone number, the real defense is the rule in this article: never dial the number a message gives you, and verify Apple through Settings or appleid.apple.com directly.
Where SafeBrowz does help is the link version of this attack. Many of these texts pair with an email or a "view transaction" URL that opens a lookalike Apple-ID page built to harvest your password and 2FA code. That is exactly what a browser-layer scanner is for: it recognizes an Apple sign-in form sitting on a non-apple.com domain and warns you before you type anything.
Frequently asked questions
Is the Apple Security Alert text real?
No. Apple does not send unsolicited "Security Alert" texts telling you to call a number or tap a link to fix your account. A text with a fake charge, a case ID, and a phone number to dispute it is a callback phishing scam. Verify any account claim by opening Settings > your name, or by typing appleid.apple.com yourself, never by using the number or link in the message.
Does Apple text you about a blocked Apple Pay transaction?
No. Apple does not text or call you out of the blue about a blocked Apple Pay charge and ask you to phone a hotline. Apple Pay activity shows up in your Wallet app and on your card statement. If you want to check a charge, open the Wallet app or your bank's app directly, and ignore any number a text gives you.
I called the number and gave my Apple ID code. What now?
Act immediately. Change your Apple ID password at appleid.apple.com or in Settings > your name > Sign-In & Security. Then review and remove any trusted devices you do not recognize. If you shared card details, call your bank and freeze the card. If you installed any app they asked you to, delete it and change passwords from a different device. Then report the scam to Apple and the FTC.
How do I report a fake Apple text?
Take a screenshot of the text and email it to [email protected]. If it arrived as an iMessage, you can also tap Report Junk under it. Forward the message to 7726 so your carrier can block the sender, file a report at reportfraud.ftc.gov, and if you lost money or shared account details, file with the FBI at ic3.gov.
Will Apple ever call me about my account?
Apple does not make unsolicited calls about account security, billing, or a "blocked transaction." If you contacted Apple first through an official channel, a real callback can follow, but Apple will still never ask for your password, a 2FA code, or payment in gift cards. Any caller who asks for those is a scammer, even if your caller ID shows "Apple."
The text came from an icloud.com or apple-looking sender. Does that make it real?
No. The sender on a text or email is easy to spoof, so a clean-looking From line tells you nothing. Judge the message by what it asks you to do. Anything pushing you to call a number, tap a link, or hand over a password or code is a red flag. Verify Apple only through Settings or by typing appleid.apple.com yourself.
Related reading
- "Your Apple ID has been locked" email scam - the link-based cousin of this text scam
- Apple Pay request scam - fraudulent money requests through Apple Pay
- Phone call and voice scams: the vishing guide - how live-agent scams pressure you
- Compromised iCloud / Apple popup tech-support scam - the fake "call us" popup version
- How to tell if a website is a scam - for the lookalike-page variant
Bottom line: Apple does not text you to call a number. A "Security Alert" or blocked-Apple-Pay text with a fake charge, a case ID, and a hotline is callback phishing. Do not call the number, do not tap the link, screenshot it for [email protected], and verify your account only at appleid.apple.com or in Settings.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.
- Layer 1 - Local detection: 60+ URL patterns + 550+ brand-specific signatures (including Apple lookalikes and homograph variants) + community whitelist/blacklist, all running in the extension before the page renders. It flags fake apple-billing, applepay-dispute, and appleid-verify style domains the moment a linked version of this scam is opened.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, and 30+ scam TLDs for known malicious domains.
- Layer 3 - AI deep scan (Premium): 100+ language content analysis catches a brand-new lookalike Apple-ID page that no list has seen yet, including an Apple login form sitting on a non-apple.com domain.
Honest scope: a browser extension cannot intercept a phone call, and callback scams hide the payload in a number, so for the call-only version the defense is the rule in this article, verifying through Settings or appleid.apple.com directly. SafeBrowz covers the link side, the lookalike Apple-ID page where you would otherwise type your password. It works across Chrome, Firefox, and Edge, with Safari pending. Detection signatures come from threat-intelligence research and our brand database, not from user browsing data. Per-user URL history is never stored.
Install SafeBrowz free
Add the browser extension, or the SafeBrowz Android app, that scans the lookalike Apple-ID pages these texts link to, on every page, before it renders. Free forever. $14.99/year unlocks AI deep scan.
Add to Chrome
Add to Firefox
Add to Edge
Get it on Google Play