Fake Apple ID Locked Scam: Email, Text, and Pop-up Variants
If you got a notification that your Apple ID has been locked, suspended, or compromised, slow down before you click. Real Apple ID account actions show up in exactly one place: Settings (or System Settings on macOS) under your name at the top, with a banner inside the device itself. They do not show up in standalone emails with login links, they do not show up as SMS messages from random ten-digit numbers, and they do not show up as full-screen pop-ups in Safari with countdown timers. Every one of those formats is a phishing attempt, and the goal in all three is the same: capture your real Apple ID password and any two-factor code your device just sent you.
Apple ID phishing has grown sharply since 2024 because an Apple ID is uniquely valuable to attackers. With your password and one 6-digit code they can: ring up purchases on your stored payment methods, lock you out of iCloud, remotely wipe your iPhone, intercept iMessages and FaceTime calls, and use the Find My network to track devices linked to your account. The total potential damage from one bad click rivals losing your bank password.
There are three flavors of the locked-Apple-ID scam in circulation right now. The email variant arrives from a noreply-styled sender that is not @apple.com and links to an icloud- or appleid-look-alike domain. The SMS variant is short and urgent, often citing a 24-hour countdown. The Safari pop-up variant is the most aggressive: a full-screen JavaScript alert appears claiming the iPhone is locked and showing a phone number to call. All three lead to the same fake login page or fake 'Apple Support' phone line.
FakeOrLegit is not affiliated with Apple. The signals below are independent of any Apple communication. If you have already entered your Apple ID password on a suspicious page or pop-up, skip to the 'What to do' section first, the next few minutes matter for keeping the account.
Warning signs
- The sender address is not exactly noreply@apple.com or appleid@id.apple.com. Anything else, especially Gmail, Outlook, or a misspelled apple-style domain, is fake.
- There is a sign-in link or 'verify' button in the body. Real Apple emails never send you to a sign-in page through a link; they tell you to open Settings on your device.
- The link, when previewed (hover on desktop, long-press on mobile), goes to a domain that is not exactly apple.com or icloud.com. Common scam domains: appleid-verify, icloud-account, apple-support, appleid-unlock, all on .com / .shop / .top / .click TLDs.
- An SMS version arrives from a long ten-digit number. Real Apple security alerts do not come via SMS at all.
- A Safari pop-up claims your iPhone is locked and displays a phone number to call. iOS and macOS do not display support phone numbers in browser dialogs, ever. That is a pure JavaScript trick.
- The message creates a 24-hour or 12-hour countdown. Real Apple ID lockouts do not time-bomb account deletion; you can resolve a genuine sign-in alert any time through Settings.
- It asks for your Apple ID password and the two-factor code in the same flow. The 2FA code is the second factor for a reason, any single page that captures both is harvesting credentials, not verifying you.
- Greeting is generic ('Dear Customer', 'Dear Apple User') rather than your name. Real Apple account emails use the name you set on the account.
- After you enter credentials, the page redirects to apple.com or shows a generic 'thank you', this is the giveaway that the fake page already has what it needed.
- If it is the pop-up variant, normal page navigation feels blocked (the alert reopens itself). Closing the entire browser tab and clearing site data fixes it, no infection, just JavaScript theater.
What to do
- Do not click the link or call the number in the message. If you already opened the link but did not enter anything, just close the tab, browsing alone usually does not compromise you.
- Open Settings on your iPhone or iPad (or System Settings on Mac) and tap your name at the very top. If your Apple ID is genuinely flagged, the warning will be right there. If nothing is there, the message was fake and you can ignore it.
- If you already entered your Apple ID password on a suspicious page: change it immediately at appleid.apple.com (type the URL yourself) or in Settings > [your name] > Sign-In & Security > Change Password. Then sign out of all other sessions inside Settings > [your name] > scroll to the device list and remove anything you do not recognize.
- Turn on two-factor authentication if it is not already on (Settings > [your name] > Sign-In & Security > Two-Factor Authentication). Apple makes 2FA the default for new accounts but older accounts may still be 2FA-off.
- If you also entered a 6-digit verification code on the fake page, the attacker may have logged in already. Force-sign-out all sessions (above) and check Settings > [your name] > Subscriptions, Payments, and Purchase History for anything unrecognized.
- If you called the phone number from the pop-up and gave any information, change your Apple ID password and any password you reuse, then call Apple Support yourself through the Apple Support app or by typing getsupport.apple.com.
- Report the original email by forwarding it to reportphishing@apple.com, Apple's official anti-phishing inbox. Apple uses these reports to take down lookalike domains.
- Watch your Apple Pay and credit card statements for the next 30 days. Stored payment methods are the most common follow-up target after Apple ID compromise.
FAQ
Run a check now
If a specific link or message triggered this guide, paste it for an instant risk report.
Related guides
Fake Apple ID Security Alert
A fake "your Apple ID was used to sign in" message pushes you to a phishing page. Here is how to confirm and respond.
Fake Apple Receipt Fraud Email
Fake App Store or iTunes receipts pretend you bought a big item, then push you to a "dispute" link. Here is how to tell.
Fake Gmail Security Alert
Fake Gmail security alerts impersonate Google and push you to a fake sign-in. Here is what to check.
Fake Microsoft 365 Suspension Email
Fake Microsoft 365 suspension emails push you to a phishing login page. Here is how to verify and avoid losing access.
How to Check if a Website Is Legit
A simple, honest checklist for spotting a fake or scam website in 30 seconds before you share information or pay.
Disclaimer
FakeOrLegit provides automated risk signals based on publicly observable patterns. We do not guarantee that any site, email, or message is safe or unsafe. Always use your own judgment, and contact the real institution directly to verify any request before sharing personal or payment information.
FakeOrLegit is not affiliated with Apple. Apple did not send and does not endorse this analysis.