Apple ID phishing is one of the top scams targeting iPhone and Mac users. Fraudsters fake Apple's emails with near-perfect design, but real Apple emails never ask for your password or payment info via a link.
About this scam type: Emails or texts claiming your Apple ID was locked or compromised
ScamRadar verdict: likely-scam · Risk score: 86/100
From: Apple <appleid-support@apple-id-verification.com> Subject: [Important] Your Apple ID has been locked We detected an unauthorized sign-in attempt to your Apple ID from Moscow, Russia. Your account has been locked for security. To unlock and verify your identity within 24 hours, click here: [Unlock Apple ID]. Failure to verify will result in permanent account deletion.
Apple does not lock accounts based on unfamiliar sign-in locations — it sends a notification but requires no action unless you actually weren't the one signing in. The lookalike domain (apple-id-verification.com) is the dead giveaway.
If you only clicked the link but did not enter information, close the page and clear your browser data. If you entered your Apple ID and password on the fake page, change your Apple ID password immediately at appleid.apple.com or in Settings on your iPhone (Settings > [your name] > Sign-In & Security > Change Password), enable two-factor authentication if not already on, and review your devices and trusted phone numbers — remove anything unfamiliar. Apple ID is the master key to iCloud, App Store purchases, Find My, Messages in iCloud, and Apple Pay, so a compromise is severe. Sign out of all sessions, then check that your iCloud backups, photos, contacts, and Find My device list are intact and have not been tampered with. If you also entered card details, contact your bank.
Real Apple sign-in alerts appear as a system notification on your trusted Apple devices, asking you to Allow or Don't Allow with a map showing the sign-in location. They never come as an email with a link to click. To check your account status at any time, go to Settings > [your name] on your iPhone or to appleid.apple.com directly in a browser. Real Apple emails come from @email.apple.com or @apple.com only. Apple's Message Center under your Apple ID account shows every legitimate notification.
Apple sends a notification to your trusted devices, but does not lock the account unless you respond Don't Allow on a sign-in attempt or change your password. There is no 24-hour deadline and no email link required to unlock anything.
It is a popup notification on your iPhone, iPad, or Mac that shows a map with the sign-in location and asks Allow or Don't Allow. It is not an email with a link, never a text with a link, and never has a deadline.
Change your Apple ID password immediately at appleid.apple.com, enable two-factor authentication, review your trusted devices and phone numbers, remove anything unfamiliar, sign out of all sessions, and check Find My to make sure no devices have been added or removed without your knowledge.
Your Apple ID controls iCloud (photos, contacts, backups), App Store payments, Find My device tracking, Messages, and Apple Pay. Compromising it gives a scammer access to nearly your entire digital life, which is why phishing is so aggressive against Apple users.
Forward the full email to reportphishing@apple.com. On iPhone, you can also report iMessages by tapping Report Junk under suspicious texts. File an FTC report at reportfraud.ftc.gov.
Last reviewed: 2026-06-24 by the ScamRadar editorial team. We update this page when scammer tactics change or when official agencies issue new guidance.
ScamRadar · Blog · Scam Database · Is It Legit? · About