Researchers warn of a phishing campaign that repurposes authentic Apple Support messages and ticket details to craft convincing lures, combined with follow‑up calls that pressure victims to reveal credentials or install remote‑support tools. Advisories urge verification via official channels and avoidance of granting remote access from unsolicited messages.

Security researchers have identified a phishing campaign that builds highly convincing lures by reusing legitimate Apple Support emails and ticket metadata, then layering follow‑up phone calls to pressure recipients into revealing account credentials or installing remote‑support software. Attackers replicate message formatting, reference authentic case numbers or ticket threads, and use social engineering over calls to create urgency and legitimacy. Once victims enter credentials or allow remote connections, attackers conduct account takeovers, enable fraudulent purchases, or install persistent remote‑access tools to expand compromise. The campaign increases success rates by leveraging real templates and known support workflows; victims frequently report that emails appear indistinguishable from genuine vendor communications. Defenders recommend verifying any unexpected support messages via the official Apple Support portal or known support numbers, never entering credentials from emailed links, refusing remote‑access requests from unsolicited contacts, enabling multi‑factor authentication, and reporting suspected lures to corporate security or vendor abuse channels.