Apple Fraud Prevention Team Scams EXPOSED – Full Investigation
Written by: Thomas Orsolya
Published on:
Apple Fraud Prevention Team scams are impersonation scams that use fake Apple billing and security alerts to create panic.
The message may arrive by email or text, but the script is the same. It claims there was a suspicious Apple Pay charge, tells you your account is at risk, and pressures you to call a phone number that connects you to scammers posing as Apple support.
If you call, the scam often escalates into a fake tech support operation focused on remote access, stolen credentials, and payment fraud.
Scam Overview
What the Apple Fraud Prevention Team scam really is
This scam is a blended phishing and tech support fraud.
The first contact usually looks like a billing or fraud notification from Apple. It may say your Apple ID was used for a purchase, that Apple Pay was activated on a new device, or that your account triggered a fraud review. The message often uses a specific dollar amount, a fake case ID, and a support number to make it feel legitimate.
The goal is not just to warn you.
The goal is to get you to call the number in the message.
Once that happens, the scam shifts from a fake billing alert into a fake support call. Apple warns that scammers use social engineering, which is impersonation and manipulation, to trick people into sharing sign-in credentials, security codes, and financial information. Apple also specifically warns about scam calls, voicemails, and messages that impersonate Apple Support.
The FBI describes the same broader pattern under spoofing and phishing. Scammers disguise sender names, phone numbers, or websites to look trusted, then use that trust to steal information or money. The FBI also notes that smishing happens through SMS texts and vishing happens over phone calls, which is exactly how this scam operates across both email and text channels.
Why scammers use the phrase “Fraud Prevention Team”
“Fraud Prevention Team” sounds official, neutral, and urgent.
It is one of those labels that instantly lowers a person’s guard because it sounds like the company is trying to protect them. The wording is designed to trigger a quick emotional response:
“Someone used my account”
“I need to stop this”
“I should call support immediately”
That emotional sequence is the conversion path.
Scammers know people respond faster to fraud alerts than to generic spam. They also know that if they use a big brand name like Apple, many recipients will assume the alert is part of a real security system.
Apple’s guidance tells users to assume an unexpected message or call requesting personal information or money may be a scam and to contact the company directly through official channels if needed. That advice matters here because the entire scam depends on you trusting the contact details inside the message.
Why the scam appears in both emails and text messages
This is the same scam campaign running across multiple channels.
Some versions are email-based and look like billing notices or fraud alerts. Others are text-based and look like urgent Apple Security Alert messages. In both cases, the language is nearly identical:
A fake charge or payment
A suspicious sign-in or Apple Pay activation
A warning that action is required
A phone number to call
The FTC has documented this exact structure in tech support scams. It warns that scammers send emails or texts claiming a suspicious charge or subscription renewal, then tell you to call a number if you want to dispute it. If you call, they move into a fake support script, request remote access, and start the real theft.
That is why it is important to see these messages as one scam family, not separate scams.
An “Apple Fraud Prevention Team” email and an “Apple Security Alert” text are often just different wrappers around the same operation.
Why these messages look convincing at first glance
The scammer does a few things very well.
First, they borrow Apple branding cues. The message may include the Apple name, a billing department label, a fake case ID, and support wording that resembles real customer service language.
Second, they add fake transaction details. You might see a precise amount like $143.95 or $623.00, a location like an Apple Store in a specific city, and a timestamp that makes the alert feel like a real payment log.
Third, they use mixed urgency. The message does not only mention a charge. It also mentions account risk, suspicious sign-ins, Apple Pay activation, or a blocked transaction. This creates fear on two fronts:
Financial loss
Account compromise
That combination makes people act fast.
The FTC has repeatedly warned that scammers rely on panic, pressure, and urgent stories to get people to stop verifying and start reacting. In its tech support scam guidance, the FTC explains that scammers use threats and pressure to push victims into giving up financial information or money.
Clear red flags in Apple Fraud Prevention Team scam emails and texts
These messages often contain several red flags at once.
Some are obvious. Others are subtle but very revealing.
They tell you to call a phone number in the message
This is the biggest red flag.
Real companies expect customers to contact them through official channels. Scammers want you to call the number they control.
The FTC’s guidance is direct on this point. If a message seems real, contact the company using a phone number or website you know is real, not the information in the message. The FBI gives the same advice and specifically says to look up the company’s phone number yourself, not the one the potential scammer provides.
The wording is off, even when the layout looks polished
Many Apple impersonation scams use awkward wording, inconsistent capitalization, or strange phrasing.
Examples include things like:
“That looks suspicious to us”
“Failing may lead to auto debit”
“Your Appointment Has Been Booked” in a fraud alert
“Review or cancel the transaction during the appointment”
The message may look formal, but the language does not read like a real Apple communication.
That mismatch is common in scam templates.
They use placeholders, generic labels, or unusual formatting
Fraud templates are often mass-produced and reused.
That is why some scam emails contain strange placeholders, generic department names, or inconsistent sections that do not make sense together, such as:
“Apple & Customer Billing Department”
“[Unverified Apple Pay Usage]”
A case ID that looks manufactured
Repeated support phone numbers in multiple spots
These details are not just sloppy. They are signals that the message was built to impersonate a process, not reflect a real account event.
They include technical details that sound impressive but do not hold up
Scammers often add “technical” details to create credibility.
This can include a timestamp, a device ID, or an IP address. But the details are often fake, meaningless, or even impossible. Some versions list invalid IP addresses that do not conform to standard formatting rules, which is a strong sign the message was never generated by a real payment or security system.
This is a common impersonation tactic.
The FBI notes that spoofing scams rely on small details that make a fake message look real enough to gain trust.
They create a false deadline
The message usually implies something bad will happen if you do not act right away.
You may be told:
The charge will auto-process
The transaction will not be reversible
Apple Pay will remain active on a new device
Your account will be charged within 24 hours
This is not about customer service. It is about forcing a fast decision.
The FTC warns that urgency is a core feature of these scams, especially in fake billing and tech support messages that pressure people to call immediately.
Why this is not just spam, but a serious theft setup
It is easy to dismiss these messages as annoying spam.
The problem is that they are usually the front end of a much bigger fraud attempt.
If the scammer gets you on the phone, they may try to:
Get remote access to your device
Collect Apple account credentials
Capture verification codes
Watch you log into your bank
Push a fake refund process
Demand gift cards or transfers
Apple warns users never to share passwords or security codes and to avoid suspicious calls claiming to be from Apple. Apple also advises users to contact Apple only through official support channels, not through links or numbers in suspicious messages.
The FTC and FBI guidance supports the same conclusion from another angle. Once you call or click, the scammer’s goal is to move you into a controlled environment where they can steal credentials or money.
The scam can target anyone, not just less technical users
A lot of smart people fall for this.
That is because the scam is not built around technical confusion alone. It is built around timing, stress, and brand trust.
You might be busy. You might have real subscriptions. You might have used Apple Pay recently. You might have had a real fraud alert from another company before. Scammers exploit that normal background noise and insert a fake alert that feels plausible.
The FTC has emphasized in multiple scam alerts that these messages can be convincing and that panic is often what makes people comply. Talking to someone you trust before acting can be enough to break the scam’s momentum.
That is why this scam still works.
It does not need a perfect message. It only needs a believable enough story and a phone number.
How The Scam Works
Stage 1: The fake Apple fraud message arrives
The attack starts with an email or text.
The message claims there was a recent Apple purchase, Apple Pay payment, suspicious sign-in, or payment activation. It often includes a specific amount, a location, and a case ID to make it feel like an internal fraud notice.
This is the hook.
The FTC describes a very similar pattern in fake subscription and charge scams. The message says there was a charge and tells you to call within a short timeframe if you want to dispute it. The brand name changes, but the flow is the same.
Stage 2: The message pushes you to call a “support” number
The message does not want you to log into your account and verify anything.
It wants you to call a phone number controlled by the scammer.
This matters because once you call them, they control the conversation. They can sound helpful, confident, and urgent. They can also keep you from contacting real Apple support or your bank while they work through the script.
Both the FBI and FTC warn people not to use contact information provided in unsolicited messages. Instead, they recommend looking up the official contact details yourself.
Stage 3: A fake Apple support agent answers
When victims call, the person on the line often sounds professional.
They may introduce themselves as:
Apple Support
Apple Billing
Apple Fraud Prevention
Apple Account Security
Senior Apple Technician
They may use a fake case number and thank you for “reporting the fraud quickly.”
This is intentional.
The scammer needs to create authority before asking for anything sensitive. Apple warns that scam calls and voicemails may impersonate Apple Support, and the FBI explains that spoofing and impersonation are designed to make you believe you are talking to a trusted source. (Apple Support)
Stage 4: The scammer confirms basic information to build trust
Before asking for passwords or money, the scammer often asks low-risk questions.
For example:
Your name
Device type
Whether you use iPhone or Mac
Whether you use Apple Pay
Your ZIP code
Your email address
This serves two purposes.
First, it makes the call feel like a real support workflow.
Second, it gives the scammer enough information to customize the next part of the script. If you say you use a Mac, they pivot to a computer security story. If you say you use Apple Pay, they push the payment fraud story harder.
Apple notes that scammers use manipulation and sophisticated tactics to persuade people to share personal details and financial information.
Stage 5: The script shifts from billing to “device security”
This is where the scam usually becomes a fake tech support scam.
The caller may say the charge was only one symptom and that your device or Apple account appears compromised. They may claim:
A hacker is connected to your device
Malware is causing unauthorized Apple Pay activity
Your Apple ID token was activated on another device
They need to “secure” your device before they can cancel the charge
This is a classic move.
The FTC describes tech support scams where scammers impersonate well-known companies, claim there is a virus or malware problem, and use that claim to justify remote access and payment demands.
The fake Apple billing alert is just the first script.
The real scam begins when they convince you your device needs immediate technical intervention.
Stage 6: They ask you to install remote access software
This is one of the highest-risk moments in the scam.
The caller may instruct you to install a remote access tool such as AnyDesk or another screen-sharing app. They frame it as a normal support step so they can “inspect” or “secure” your device.
Once installed, they will ask for the code or approval needed to connect.
If you provide it, they may be able to:
See your screen
Control your device
Open websites
Watch what you type
Guide you through banking or account logins
AnyDesk’s own abuse prevention guidance warns that scammers misuse remote access software to connect to devices and steal data, access codes, and money. It also gives a very clear rule: never give people you do not know access to your devices and never share online banking logins or passwords. (AnyDesk)
The FTC also warns that fake tech support agents ask for remote access and may use it to steal information or install malware. (Consumer Advice)
Stage 7: The scammers harvest credentials and financial information
After the remote session starts, the scammer often moves quickly.
They may ask you to log in to your Apple account to “verify the fraud block” or to your bank account to “confirm the charge was reversed.” In reality, they are trying to collect credentials, watch your logins, or trigger password resets.
Common targets include:
Apple account sign-in
Email inbox
Banking websites
Card account portals
Payment apps
Verification codes sent by text
The FBI warns that phishing often leads victims to spoofed websites that look nearly identical to real ones, where criminals collect passwords, credit card numbers, and banking information.
Some scammers do not even need a fake website if they can watch you log in on a real one during a remote session.
Stage 8: The fake refund or overpayment trick
A common endgame is the fake refund script.
The scammer pretends they canceled the Apple charge or issued a refund, then claims they made a mistake and refunded too much money. They may say:
“We sent $1,439.50 instead of $143.95”
“You need to return the difference”
“This is a recorded compliance issue”
This is a known fraud pattern.
The FTC specifically describes scams where victims call to dispute a fake charge, give remote access, and then get pushed into a fake refund scenario where scammers claim an overpayment and demand money back.
The fake refund is not an accident.
It is a pressure tactic to move you from “I need help” to “I need to pay them back.”
Stage 9: Payment demand through gift cards or other hard-to-reverse methods
Once the overpayment story is in place, the scammer demands payment.
They often insist on methods that are difficult to reverse:
Gift cards
Bank transfer
Wire transfer
Cryptocurrency
Payment apps
The FTC notes that these are common payment channels in tech support scams because scammers want irreversible or difficult-to-trace payments. It also warns that scammers may tell people to buy gift cards and share the codes, which is a major fraud sign.
Apple’s anti-scam guidance also warns users not to share security information and to treat requests for money or sensitive account data in unexpected messages as suspicious.
If a caller claiming to be Apple asks for gift cards, it is a scam.
Stage 10: The scam can continue after the first call
Many victims think the scam ends once they hang up.
Sometimes that is only the beginning.
If the scammers captured your information, they may:
Call again from another number
Pretend to be a different department
Try password reset attempts
Use your email for additional scams
Sell your details to other scam groups
The FBI warns that spoofing allows scammers to disguise phone numbers and sender names, which is why follow-up calls may look different and still be part of the same operation.
This is also why blocking one number is helpful but not enough.
The real defense is securing your accounts and refusing to engage with unsolicited support calls.
Stage 11: Why this scam works so well
This scam works because it combines several strong manipulation tactics in one flow:
The FTC’s consumer guidance on tech support scams repeatedly highlights the same ingredients: pressure, threats, and fake security claims that push people into fast decisions.
The format changes, but the engine is the same.
An email that says “Apple Fraud Prevention Team” and a text that says “Apple Security Alert” are often just two different doors into the same scam room.
What To Do If You Have Fallen Victim to This Scam
If you interacted with the scam, move fast but stay calm.
The right response depends on how far the scam got. Use the checklist below in order and prioritize the steps that match what happened.
1) If you only received the email or text and did not call or click anything
This is the best-case scenario.
Take these steps:
Do not reply.
Take a screenshot for documentation.
Block the number if it was a text.
Mark the email as junk or phishing.
Report the message.
Delete it.
Apple says suspicious Apple impersonation emails can be forwarded to reportphishing@apple.com, and suspicious Apple-related SMS messages can be reported by sending a screenshot to the same address. Apple also notes you can use “Report Junk” for suspicious Messages content.
The FTC also recommends forwarding unwanted phishing texts to 7726 (SPAM), reporting them in your messaging app, and filing a report at ReportFraud.ftc.gov.
2) If you called the number but did not share any information
That is still recoverable, but do not assume it is over.
Do this immediately:
Hang up if the call is still active.
Do not call back.
Block the number.
Ignore follow-up calls claiming to be Apple or a “fraud callback team.”
Verify your Apple account separately through official Apple channels only.
Apple warns users not to answer suspicious calls claiming to be from Apple and to contact Apple through official support channels instead. The FBI also warns that caller ID can be spoofed, so a familiar name or number is not proof.
3) If you clicked a link in the email or text
Treat it as a possible phishing exposure.
Even if nothing obvious happened, take these steps:
Close the page.
Do not enter any information.
Run a security scan on your device.
Check for suspicious downloads or new apps.
Change your password if you typed it anywhere.
The FTC advises that if you clicked a link or opened an attachment and suspect harmful software, you should update your security software and run a scan.
4) If you gave your Apple account password or verification code
This is urgent.
Apple specifically warns users never to share passwords or security codes, and says that if you think your Apple Account was compromised or you entered information on a scam site, you should change your Apple Account password immediately and confirm two-factor authentication is enabled.
Take these steps right away:
Change your Apple Account password from a device you trust.
Confirm two-factor authentication is on.
Review trusted devices and remove any you do not recognize.
Review your recovery phone and recovery email.
Check payment methods linked to your Apple account.
Review recent purchases and subscriptions.
Apple’s security help page also points users to review recent purchases if they have a question about a charge, which is the correct way to check a real Apple billing concern.
5) If you reused the same password on other accounts
Assume those accounts are at risk too.
This is a common follow-on problem in phishing and fake support scams.
Do this next:
Change the password on your main email account.
Change passwords on any accounts that reused the same password.
Use unique passwords for each account.
Enable multi-factor authentication where available.
The FTC’s tech support scam guidance specifically tells people to change passwords immediately if they gave a username and password to a scammer, and to change reused passwords on other accounts too. The FBI also recommends using two-factor or multi-factor authentication whenever possible.
6) If you installed AnyDesk or another remote access app
This is one of the most important recovery steps.
If a scammer had remote access, treat your device as compromised until you secure it.
Do this now:
Disconnect from the internet.
End the remote session.
Uninstall the remote access app.
Restart the device.
Check for unknown apps, browser extensions, and configuration changes.
Run a full security scan.
Change important passwords from a different trusted device if possible.
AnyDesk warns that scammers misuse remote access tools to steal data, access codes, and money. It also advises users to end calls and stop remote sessions if they feel uncomfortable or suspect fraud.
If you are not sure the device is clean, have it checked by a trusted IT professional. AnyDesk’s own guidance lists this as a recommended step after a scam.
7) If you logged into bank or card accounts while they were watching
Assume the scammers may have seen or captured your financial information.
Do not wait for fraud to show up.
Call your bank or card issuer using the number on the back of your card or the official website, not any number from the scam message. Tell them you may have been targeted by a remote access or fake support scam and ask for immediate fraud protection.
Ask your bank or issuer about:
Card replacement
Account monitoring
Temporary holds
Login resets
Unauthorized transaction review
The FTC advises people to check bank and credit card accounts, report unauthorized charges, and contact the financial institution directly.
8) If the scammer asked you to “move money to protect it”
This is a scam, even if they claim to be Apple, your bank, the FTC, or the FBI.
The FTC has issued warnings about scammers who tell victims to transfer money, buy gift cards, or move funds to a “safe” account. The FTC is clear that only a scammer will tell you to move or transfer your money to protect it.
If you started a transfer, contact the bank or payment service immediately and report fraud.
Speed matters.
9) If you paid with gift cards
Act fast, even if the caller said the payment was for “verification” or “refund correction.”
Take these steps:
Save receipts and gift card numbers.
Contact the gift card company immediately.
Ask if the funds can be frozen or recovered.
Report the scam to the FTC.
Keep screenshots and call logs for your records.
Gift card payment requests are a common end stage in tech support scams, and the FTC repeatedly flags this pattern in its guidance and alerts.
10) Report the scam to Apple, the FTC, and the FBI
Reporting helps track numbers, scripts, and fraud patterns.
Include the scam phone number, message wording, and what happened
FBI IC3
File a report at IC3 if you lost money, gave remote access, or exposed sensitive information
Apple directly lists reporting options for suspicious Apple impersonation emails, texts, and scam calls. The FBI also directs victims to report spoofing and phishing to IC3.
11) Report spam texts to your carrier
This is simple and useful.
The FTC recommends forwarding scam texts to 7726 (SPAM), which helps wireless providers identify and block similar messages. The FTC also recommends using your messaging app’s built-in spam reporting option.
This will not stop every scam, but it helps reduce repeat campaigns.
12) Monitor your accounts and devices for follow-up abuse
Scammers often try again.
For the next several weeks, watch for:
Password reset emails you did not request
New device login alerts
Unrecognized Apple purchases
Suspicious bank activity
New scam calls referencing your earlier “case”
If anything looks wrong, act immediately.
Apple’s account security guidance emphasizes rapid password changes and account protection when compromise is suspected.
13) If identity information was exposed, use identity theft recovery tools
If you shared sensitive information like account numbers, card details, or other personal identifiers, take identity theft prevention seriously.
The FTC’s phishing guidance directs people to IdentityTheft.gov for tailored recovery steps based on what information was exposed.
That is a good next step if you are not sure how to prioritize your response.
14) Use one rule going forward: never trust the contact details in the alert
This one habit blocks most scams in this category.
If you get a message that claims to be from Apple:
Do not call the number in the message
Do not click the links in the message
Check your Apple account and purchase history directly
Contact Apple through official support channels you navigate to yourself
This aligns with the core advice from Apple, the FTC, and the FBI, and it is the single most effective way to avoid this scam family.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
Apple Fraud Prevention Team scams are not real Apple security alerts. They are impersonation scams designed to push you into calling a fake support number.
The message may come by email or text, but the goal is the same: create panic, gain trust, and move you into a fake tech support call where scammers try to get remote access, steal credentials, and take money.
If you receive one of these messages, do not call the number in the alert. Verify your account directly through official Apple channels, report the message, and delete it. If you already interacted with the scam, act quickly, secure your accounts, and report it. Fast, calm action can stop a bad situation from getting worse.
Apple Fraud Prevention Team scams are fake Apple billing and security alerts sent by email and text message to trigger panic.
They typically claim there was a suspicious Apple Pay charge or unauthorized Apple ID activity, then urge you to call a phone number for immediate help. If you call, you are connected to scammers posing as Apple support who may try to gain remote access to your device, steal account or banking information, or pressure you into sending money.
Treat these messages as phishing or smishing scams. Do not use the phone number or links in the alert.
FAQ
Is the Apple Fraud Prevention Team message real?
In scam cases, no. It is an impersonation message designed to look like an Apple billing or fraud alert.
The goal is to make you call a fake support number so scammers can take control of the conversation.
Why do these scam messages look so convincing?
Scammers use Apple branding, realistic dollar amounts, fake case IDs, and urgent wording to make the message feel legitimate.
They rely on fear and speed so you react before you verify the alert through official Apple channels.
Do scammers send this by both email and text?
Yes.
The same scam often appears in multiple formats, including email and SMS. The wording may change slightly, but the core script is the same: fake charge, urgent warning, and a phone number to call.
What happens if I call the number?
You usually reach a fake support center.
The caller may pretend to be Apple billing, fraud prevention, or technical support. They may then claim your device or Apple account is compromised and push you into risky steps.
Why do they ask me to install AnyDesk or another remote access app?
Because they want access to your device.
If you install remote access software and approve the connection, scammers may be able to see your screen, control your device, and capture passwords, banking details, or verification codes.
Can they really steal money this way?
Yes.
These scams often end with credential theft, fake refund tricks, or payment demands through gift cards, bank transfers, or other methods that are hard to reverse.
Is a specific charge amount like $623.00 or $143.95 proof the alert is real?
No.
Scammers often use exact amounts because they look more believable. A precise number does not make the message legitimate.
How can I check if there is a real Apple charge?
Check directly through official sources only.
Review your Apple purchase history, Apple Pay transactions, and bank or card statements by opening the app or website yourself. Do not use links or phone numbers from the message.
What should I do if I only received the message and did not call or click anything?
That is the best case.
Take a screenshot, report it as spam or phishing, block the number if it was a text, and delete the message.
What should I do if I called but did not share any information?
Hang up and do not call back.
Block the number and ignore follow-up calls. Then check your Apple account directly using official Apple support or your account settings.
What should I do if I gave them my Apple ID password or a verification code?
Act immediately.
Change your Apple account password, review your trusted devices, confirm your recovery details, and change the password on your email account too, especially if it is linked to your Apple account.
What should I do if I installed remote access software?
Treat it as urgent.
Disconnect from the internet, end the session, uninstall the remote access app, restart your device, and change important passwords from a trusted device. If you logged into banking or card accounts during the session, contact your bank right away.
Why do scammers ask for gift cards?
Because gift cards are difficult to trace and recover.
Any caller claiming to be Apple support who asks for gift cards is running a scam.
Can scammers spoof caller ID and make it look like Apple?
Yes.
Caller ID can be spoofed, so a familiar name or number on your screen is not proof that the call is legitimate.
How do I report an Apple Fraud Prevention Team scam message?
You can report it in several ways:
Mark the email as phishing or spam
Report the text as junk in your messaging app
Forward scam texts to 7726 (SPAM)
Report Apple impersonation attempts to Apple
File a report with the FTC
File a report with the FBI IC3 if money was lost or sensitive information was exposed
What is the best rule to avoid this scam in the future?
Never use the phone number or links inside a security or billing alert message.
Always verify the issue by going directly to your Apple account or Apple Support through official channels that you open yourself.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
2 thoughts on “Apple Fraud Prevention Team Scams EXPOSED – Full Investigation”
This is a great article. I feel for this when I was not feeling well and not really thinking. I know better this was an expensive lesson. Thank you
Please do not be too hard on yourself. A lot of these scams are designed to catch people when they are stressed, distracted, or not feeling their best. That is exactly when scammers are most effective.
I’m glad the article helped make sense of it, even if it came after an expensive lesson.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
This is a great article. I feel for this when I was not feeling well and not really thinking. I know better this was an expensive lesson. Thank you
Hi Margo, thank you for sharing that.
Please do not be too hard on yourself. A lot of these scams are designed to catch people when they are stressed, distracted, or not feeling their best. That is exactly when scammers are most effective.
I’m glad the article helped make sense of it, even if it came after an expensive lesson.