Phishers weaponize Apple change alerts to push fake iPhone scams
A phishing campaign uses legitimate Apple account-change emails to push a fake iPhone purchase alert, embedding the scam text into user-provided Apple ID name fields so the message appears authentic; when recipients call the supplied number, they risk remote access or data theft. The emails pass SPF/DKIM/DMARC, and are delivered from Apple infrastructure, highlighting how attackers abuse legitimate features to bypass filters. Users should be wary of unexpected purchase notices and verify changes via official Apple channels.