好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,理解其主要信息。 文章讲的是骗子利用苹果账户的通知邮件进行诈骗。他们创建一个苹果账户,在个人信息中插入钓鱼信息,然后修改账户,触发苹果发送安全警报邮件。这些邮件看起来很真实,因为来自苹果的基础设施。骗子会将这些邮件重新分发给受害者,诱骗他们拨打假的技术支持电话。 接下来,我需要提取关键点:骗子使用合法的苹果通知、钓鱼信息嵌入安全警报、诱导拨打假电话、如何防范等。 然后,我要把这些内容浓缩到100字以内,确保信息准确且简洁。可能的结构是先说明问题,再描述方法,最后给出建议。 最后检查一下是否符合要求:不使用特定开头语,直接描述内容。确保语言流畅自然。 </think> 骗子利用真实的 Apple 安全警报邮件进行钓鱼诈骗,诱导用户拨打虚假技术支持电话。他们通过创建 Apple 账户并嵌入钓鱼信息触发 Apple 发送安全通知,并将这些邮件分发给受害者。这种手法结合了真实来源和钓鱼内容,极具欺骗性。用户需警惕此类邮件并避免点击可疑链接或提供个人信息。 2026-4-21 12:59:31 Author: securityboulevard.com(查看原文) 阅读量:10 收藏
The post Real Apple notifications are being used to drive tech support scams appeared first on Malwarebytes.
Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers.
According to a report from BleepingComputer, scammers create an Apple account and insert a phishing message into the personal information fields, then modify the account so that Apple sends a genuine security alert about the change to the target.
BleepingComputer was able to replicate the attack.
The attacker creates an Apple ID they control, then stuffs the phishing message into the personal information fields (first name, last name, possibly address), splitting it across fields because they will not fit into just one.
To launch the phish, the attacker changes something benign on their specially created Apple account, such as shipping information, which causes Apple’s systems to send a “Your Apple account was updated” security email.
While the original alert is addressed to the attacker’s iCloud email, they are then able to redistribute it to a wider victim list, for example through a mailing list.
In the copy the targets receive, the email headers still show a legitimate Apple sender, and the presence of the attacker’s iCloud address can even make it look like “someone else” has gained access to the account.
Because Apple includes those user-supplied fields in the security email, the phishing text is delivered inside a legitimate message sent from Apple’s own infrastructure.
This method, called call-back phishing, filters out suspicious users, so the scammers can focus on the people who fell for the first part.
The emails come from a legitimate source, sail through every security filter because of that, and look convincing enough to scare the receiver into thinking someone spent $899 from their PayPal account.
But the structure of the email does not make sense.
“Dear User” is immediately followed by the scam message where your name should have been. The header says it’s about account information rather than a purchase. And the iCloud account does not belong to the recipient. So, once you know how it’s done, they’re not impossible to spot. Which is why we wrote this blog.
And when in doubt, you can always ask Malwarebytes Scam Guard.
Scam or legit? Scam Guard knows.
Scam Guard identified the screenshot as a scam and guides users through the next steps.
Scams like these work, because many users still view phone calls as more trustworthy than email, especially if the email itself passed all the usual technical authenticity checks and they initiated the call themselves.
How to stay safe
Tech support scammers will try to convince callers to install some kind of remote desktop application to steal data from your computer, or ask for financial details so they can steal your money.
To stay safe from these scammers:
- Be wary of unexpected alerts about high‑value purchases you do not recognize. They are suspicious even if they come from a real domain.
- Never call a number sent to you by unsolicited means or even found in sponsored search results.
- Carefully read emails and text messages, even if they come form trustworthy addresses. Does the email make sense from a structural and linguistic point of view?
- If someone claiming to be support for a legitimate company asks for remote access or payment details during a call, hang up and contact the company through official channels.
- Use Malwarebytes Scam Guard to analyze any kind of message that alarms you or urges you to take immediate action.
Something feel off? Check it before you click.
Malwarebytes Scam Guard helps you analyze suspicious links, texts, and screenshots instantly.
Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
*** This is a Security Bloggers Network syndicated blog from Malwarebytes authored by Malwarebytes. Read the original post at: https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams
如有侵权请联系:admin#unsafe.sh