iPhone Scam Call ‘From Apple’

Spot the three dominant Apple-impersonation iPhone scam patterns in 2026 — Apple ID compromised, iCloud security alert pop-up, and Apple Support refund / billing — with the single rule that defeats them all.

Last reviewed: 13 May 2026 · ScamSupport research

The one rule that defeats every Apple scam call

Apple does not cold-call customers. Apple does not initiate phone contact about Apple ID security, iCloud breaches, suspicious sign-in attempts, account suspensions, or refunds. Any unsolicited phone call claiming to be from Apple, AppleCare, Apple Support, Apple Security, iCloud Support or any Apple-branded team is a scam, regardless of what the caller ID displays.

Apple-impersonation scam calls cost UK consumers tens of millions of pounds annually. The mechanic is consistent across all variants: caller ID is spoofed to display “Apple Inc” or a known Apple phone number, the scam plays on iPhone owner anxieties about Apple ID compromise, and the endgame is one of three outcomes — gift-card payment, “refund overpayment” reverse-fraud, or theft of Apple ID credentials enabling iCloud lockout extortion.

iPhone users are disproportionately targeted because the Apple ID is unusually high-value: linked payment methods, iCloud backups, Find My access to other family devices, App Store purchase history, and (for many) sole access to authentication apps. Apple ID takeover is one of the most consequential account compromises a UK consumer can suffer.

Three iPhone Apple-impersonation scam variants currently in circulation

Variant 1 — “Your Apple ID has been compromised” cold call

How it presents: An incoming call. The caller ID displays “Apple Inc”, “Apple Support” or a recognised Apple phone number (often the genuine Apple Support number, spoofed). An automated voice or a live agent says: “This is Apple Support. We’ve detected unauthorised access to your Apple ID from [country]. Press 1 / stay on the line to speak to an agent and secure your account.”

Red flags:

  • Apple does not cold-call customers. Real Apple security communications appear as in-app notifications inside the Apple ID settings on your device. They do not arrive as unsolicited phone calls.
  • Caller-ID spoofing is trivial. The displayed name and number can be set to anything. Even Apple’s genuine number (0800 048 0408) can be spoofed. The caller ID is not evidence the call is real.
  • Reference to suspicious sign-in from a foreign country. Real Apple does send sign-in notifications — but only to your registered email and inside your device’s notifications, never via phone call.
  • They will ask for your Apple ID password. Apple never asks for your password by phone, email, or text. The password request is the diagnostic moment.
  • They will ask you to install a remote-support tool. Apple Support uses Screen Recording or Apple Remote Desktop in customer-initiated sessions only — never installed via cold call.
  • The endgame is often Apple gift cards. A common variant ends with “to verify your identity, purchase £500 of Apple gift cards from the nearest shop and read me the codes”. This is the scam. Apple never accepts gift cards as ID verification.

Variant 2 — iCloud / Safari browser security alert pop-up

How it presents: While browsing on iPhone or iPad (often after tapping a suspicious link, watching streaming content on an irregular site, or visiting compromised sites), a full-screen Safari pop-up appears: “APPLE SECURITY ALERT — your iPhone has been hacked. iCloud data at risk. Call Apple Support immediately: 0800-XXX-XXXX.” The page may include a fake Apple logo, alarm tone, and prevent normal navigation.

Red flags:

  • iOS does not display security warnings via Safari pop-ups. Real iOS security notifications appear in the device’s Notification Center or in the Settings app, never as full-screen Safari pages.
  • Real Apple alerts never include a phone number to call. Apple does not display phone numbers in any security warning, ever.
  • The page tries to lock the browser. Repeated alert dialogues, audio loops, full-screen API tricks — all designed to discourage you from closing the tab. None of this is part of real iOS or Safari behaviour.
  • To dismiss: close the Safari tab, or force-quit Safari. On iPhone: swipe up from the bottom (or double-tap home on older models), swipe Safari up to close, reopen Safari. The pop-up has no persistence beyond the tab.
  • If you call the number: the same script as Variant 1 begins — password request, gift-card request, or remote-access install.
  • Clear Safari history and website data: Settings > Safari > Clear History and Website Data. This removes any cached scam pages.

Variant 3 — Fake Apple refund / billing scam (reverse refund pattern)

How it presents: An email or call claims you’re entitled to an unexpected refund for an Apple subscription / App Store purchase you didn’t make (or that “Apple processed by mistake”). The caller asks you to log in to your online banking to receive the refund. While remote-accessing via screen-share, they manipulate the display to show a larger refund than intended. They then claim they’ve refunded too much and ask you to wire the “extra” back to a foreign account or buy Apple gift cards to repay.

Red flags:

  • Apple does not refund via remote-access banking sessions. Real Apple refunds are credited to the original payment method automatically and visible in your Apple ID Account > Purchase History.
  • The displayed bank balance is manipulated, not real. Remote-access tools let the scammer show you a doctored view of your banking page. The “extra refund” never existed; the money you’re asked to send is your own.
  • Apple gift cards / wire transfer / crypto as the repayment route. No legitimate refund correction uses these channels. Apple itself doesn’t accept Apple gift cards as payment for refunds — the request is structurally impossible for a real Apple process.
  • This variant disproportionately targets older iPhone owners. The combination of a believable Apple-billing narrative + screen-share manipulation is among the highest-loss-per-victim patterns. Talk to older relatives about it specifically.
  • Real Apple billing-dispute is initiated by you at reportaproblem.apple.com — the official site for refund requests on App Store and subscription charges. Real disputes never require remote access to your computer.

What real Apple Support actually looks like

  1. Customer-initiated only. You contact Apple via support.apple.com, the Apple Support app, or the genuine UK number 0800 048 0408 (verified at support.apple.com/en-gb). Apple does not phone you out of the blue.
  2. Real Apple ID security alerts appear inside the Apple ID Settings on your device. Go to Settings > [Your Name] > Sign-In & Security > Account Security. Real alerts are visible here. If they’re not, the SMS / call / pop-up is fake.
  3. Real Apple never asks for your password. Genuine Apple Support uses other verification methods (security questions, device-based authentication, in-store ID verification at the Apple Store Genius Bar).
  4. Real Apple never asks for gift cards as payment. Apple does not accept Apple gift cards as ID verification, account security, refund repayment, or any other Apple Support process.
  5. Real Apple billing disputes are processed via reportaproblem.apple.com — not via phone, email link, or screen-share.

What to do during a suspected Apple scam call

  1. Hang up. Don’t engage, don’t challenge, don’t explain why you know. Just hang up.
  2. If a Safari pop-up is on screen: close the tab. Force-quit Safari if needed. Clear Safari history and website data (Settings > Safari > Clear History and Website Data).
  3. If you’ve already engaged and shared your Apple ID password: change it immediately at appleid.apple.com. Enable two-factor authentication if it isn’t already on. Sign out all devices except the one you’re using.
  4. If they installed any remote-access app: on iPhone, this is rare (iOS doesn’t generally support arbitrary remote access). But check Settings > General > VPN & Device Management for any installed profiles you don’t recognise. Remove any unfamiliar profile. On Mac: open Activity Monitor and check for AnyDesk / TeamViewer / UltraViewer / LogMeIn. Uninstall any you didn’t install yourself.
  5. Change linked-account passwords from a clean device. Email password first (because Apple ID recovery flows through email), then banking apps, then any other accounts whose 2FA is tied to your iPhone.
  6. Run Find My to verify no unauthorised devices have been added to your Apple ID. Settings > [Your Name] > Find My. Sign out of anything you don’t recognise.

If you’ve already sent money or gift cards

  1. Apple gift cards: contact Apple Support at support.apple.com/gift-cards immediately. If the codes haven’t been redeemed, Apple can sometimes freeze them. Provide the gift-card serial numbers and report the scam. Recovery probability drops sharply once codes are redeemed (typically within minutes).
  2. UK bank transfer: Call your bank’s fraud line on the number on the back of your card. Use the PSR Claim Wizard. PSR Mandatory Reimbursement covers up to £85,000 within 5 working days for APP fraud, which includes Apple-impersonation scams.
  3. Card payment: Use the Chargeback & Section 75 Generator. Credit-card purchases £100–£30,000 are protected by Section 75.
  4. Crypto / foreign wire: Report to Report Fraud on 0300 123 2040. Recovery probability is low.
  5. If Apple ID was compromised: change the password, enable 2FA, and review iCloud Backup / Shared Album / Find My device list for any unfamiliar entries. Notify family members whose devices are in your Family Sharing group.
  6. Report the scam to Apple by forwarding the email / sender details to reportphishing@apple.com. Apple’s security team uses these reports to action takedowns of scam infrastructure.
  7. If personal details were shared: consider CIFAS Protective Registration for 2 years of credit-file protection against follow-on identity fraud.

Related scam guides

Use the Scam Message Scanner →