MEDIUM

Apple Account Change Alerts Abused to Send Phishing Emails

· phishing · apple

Attackers are abusing Apple’s legitimate account change notification system to deliver fake iPhone purchase scam emails. The phishing messages originate from Apple’s own servers, giving them the appearance of authentic Apple communications and allowing them to bypass many spam and email authentication filters.

The technique does not exploit a code vulnerability in Apple’s systems but rather abuses a notification trigger mechanism to send attacker-controlled content through trusted infrastructure. This increases the perceived legitimacy of the lure for recipients.

Users should treat any unsolicited Apple purchase notification with skepticism regardless of sender address. Verify account activity directly at appleid.apple.com rather than clicking links in email alerts.
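
For mail defenders, the point above can be turned into a triage check: a DKIM pass for apple.com says which infrastructure sent the message, not who wrote its text. The sketch below is an added example, not code from the original post or from Apple; the `mx.example.test` authserv-id, the keyword patterns, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

TRUSTED_AUTHSERV = "mx.example.test"  # assumption: your own inbound MTA's authserv-id
# Assumed vocabulary, not taken from the article: purchase wording that an
# account-change alert has no reason to carry.
PURCHASE_TERMS = re.compile(r"\b(purchase|order|invoice|charged|payment|iphone)\b", re.I)
ACCOUNT_CHANGE_SUBJECT = re.compile(r"account.*\b(updated|changed)\b", re.I)

def dkim_pass_for(msg, domain):
    """True if our own MTA recorded dkim=pass for `domain` (RFC 8601 header)."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # headers stamped by anyone else can be forged by the sender
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            if m.group(1).lower() == domain:
                return True
    return False

def classify(raw):
    msg = message_from_string(raw, policy=policy.default)
    if not dkim_pass_for(msg, "apple.com"):
        return "unauthenticated"
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    subject = str(msg.get("Subject", ""))
    # Authentication proves the sending infrastructure, not who wrote the text:
    # an account-change alert that talks about a purchase is the mismatch to flag.
    if ACCOUNT_CHANGE_SUBJECT.search(subject) and PURCHASE_TERMS.search(text):
        return "authenticated-but-inconsistent"
    return "authenticated"

# Constructed sample messages (addresses, subjects and bodies are invented).
HEADERS = (
    "Authentication-Results: mx.example.test; dkim={dkim} header.d=apple.com;"
    " dmarc={dkim} header.from=apple.com\n"
    "From: Apple <alerts@apple.com>\n"
    "Subject: Your Apple Account information has been updated\n\n"
)
ABUSED = HEADERS.format(dkim="pass") + "Your iPhone purchase was charged to your card.\n"
BENIGN = HEADERS.format(dkim="pass") + "The shipping address on your account was updated.\n"
SPOOFED = HEADERS.format(dkim="fail") + "Your iPhone purchase was charged to your card.\n"

if __name__ == "__main__":
    for name, raw in (("abused", ABUSED), ("benign", BENIGN), ("spoofed", SPOOFED)):
        print(name, "->", classify(raw))
```

The `authenticated-but-inconsistent` result is a signal for review or user warning, not a block verdict; the keyword patterns need tuning against real notification traffic before use.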