- Scam Alert
- SMS Scam
- Apple Pay
- Phishing
- Consumer Safety
Fake Apple Pay SMS alerts and iCloud storage emails target iPhone users, with scammers harvesting bank details through urgent payment claims.
Apple Pay SMS Alerts and iCloud Phishing Emails Target iPhone Users
Consumer protection bodies in the United Kingdom and United States have flagged a wave of scam messages aimed at the global pool of roughly 1.8 billion iPhone users, combining fake iCloud storage warnings with bogus Apple Pay fraud alerts. Reporting from the Daily Mail, drawing on coverage from The Guardian and US-based consumer organisation ConsumerAffairs, indicates the scams use both email and SMS channels to pressure recipients into handing over banking credentials. Australian iPhone owners face the same playbook, given the cross-border nature of these campaigns.
What the Reports Describe
According to the Daily Mail's coverage, victims received emails claiming their iCloud storage was full and warning that photos, videos and app data would be lost unless they upgraded their plan. The messages included an action button leading to a fraudulent website built to capture payment details. The Guardian noted that some variants escalated the pressure, telling recipients their iCloud account would be closed within 48 hours.
One red flag highlighted in the source material was the sender address. Fraudulent emails came from a near-identical lookalike of legitimate Apple addresses, with the imposter using a single character variation that is easy to miss on a phone screen. Which?, the UK consumer organisation, called the messages sneaky fake emails and warned that the threat of deleted photos was a deliberate emotional hook.
The SMS leg of the campaign, surfaced by ConsumerAffairs, sends fake Apple Pay fraud alerts claiming a purchase was attempted or declined. Recipients who call the included number reach scammers posing as Apple Support, bank staff or even law enforcement. The Daily Mail reported that targets are then pressured to move funds to a so-called safe account, withdraw cash, or send money through Apple Pay, Apple Cash or gift cards.
Pattern and Australian Context
The tactics described in the source align with patterns Scamwatch has tracked through Australian community reports for several years. Impersonation of trusted brands, whether Apple, Australia Post, the ATO or major banks, remains one of the most common SMS scam vectors logged in Reverseau's contributor data. The combination of an urgency hook (storage full, fraud detected, account closing) and a request to call a number or visit a link is a recurring signature.
The cross-channel nature of this campaign is worth noting. Where earlier waves relied on a single SMS or email, contributors have increasingly described receiving both forms of contact within a short window, lending the scam a veneer of legitimacy. Australians using Apple devices, Apple Pay or iCloud subscriptions are likely to encounter localised versions of these messages.
What Australian iPhone Users Should Do
- Treat any unsolicited SMS or email about iCloud storage, Apple Pay activity or account closure as suspicious until verified through Apple ID settings on the device itself.
- Do not call phone numbers included in the message; contact Apple Support through support.apple.com or the Apple Support app.
- Check sender email addresses character by character, since scam variants rely on minor character substitutions in domain names.
- Avoid clicking upgrade or payment buttons inside emails. Manage iCloud storage from Settings on iPhone or iPad.
- Never move money to a safe account at the request of an inbound caller, regardless of how urgent the framing sounds.
- Do not provide passwords, two-factor codes or banking credentials over the phone or through links in messages.
How to Report Scam Calls and Check Numbers
Australians who receive a suspicious phone call connected to these scams can submit details to Scamwatch at scamwatch.gov.au. Suspicious SMS messages should be forwarded to 0429 999 888, the reporting line operated for Australian carriers, which feeds into ACMA's broader scam call and SMS blocking framework. Identity exposure following a scam interaction can be reported to IDCARE, and cybercrime incidents are accepted at ReportCyber via cyber.gov.au.
Before returning a call from an unfamiliar number, contributors are encouraged to search the number on Reverseau to review community reports. Aggregated reports often surface earlier sightings of the same number being used for Apple Pay impersonation, bank fraud claims or other phishing attempts. Adding a community report after an incident helps other Australians recognise the same caller and avoid the same trap.