If you’ve ever been scammed on Apple Pay, you aren’t alone. According to the Federal Trade Commission (FTC), there were about 5,000 reports of scammers impersonating Apple in 2023 alone, which led to total losses of around $17 million.
That $17 million only includes Apple impersonation scams. Other scams involve impersonating other businesses, online marketplaces, or banks to steal personal information or funds.
Keep reading to learn about some of the most common Apple Pay scams and how to help identify, avoid, and mitigate them.
1. Customer support
Customer support scams occur when a criminal impersonates a member of Apple’s support staff. Cybercriminals might trick you into sending them money by claiming it’s necessary to test Apple Pay. These criminals also might request information that gives them access to your Apple account.
Apple Pay customer support scammers commonly request:
- Payments via Apple Cash to test your device
- Your security credentials or other forms of verification
- You install screen-sharing software to identify an account issue
- You click a link to help fix an issue with your account
Apple has strict policies against asking for personal information like their users’ passwords and account information. Instead, Apple’s customer service team will send a notification to your device. Apple representatives also won’t ask you to share your screen or tell you to click unusual links, so ignore these requests and report them to Apple’s actual customer support staff.
How to avoid a customer support scam: If you get an unexpected message from Apple customer support, never click any links, download apps, share personal information, or transfer money to the “agent.” If you’re ever unsure, contact Apple customer support directly through an official channel.
2. 2FA requests
Two-factor authentication (2FA) request scams are when a scammer tries to steal authentication codes to access your account. These codes are usually sent to your email, phone, or authentication app (like Google Authenticator). If you’re a target of a 2FA scam, criminals might already have access to your password.
Scammers often rely on bots, such as automatic dialers and texting systems, to make fake authentication requests in bulk. In other cases, these authentication requests can be made through a fake website. Beware of authentication requests that feel out of the ordinary and never share your 2FA code with anyone.
In extreme cases, scammers may attempt to hijack your number with a SIM swap. A SIM swap scam is when a hacker convinces your phone provider to switch your number to a SIM card they can access. In these cases, they can get direct access to text-based 2FA codes, compromising your account.
How to avoid a 2FA scam: Use trusted authentication apps like Google Authenticator or Apple’s built-in 2FA feature to receive your codes. Never share your code with anyone—a legitimate support agent won’t ever ask for it.
3. Gift cards
Gift card scams are when a fraudster tries to get you to pay them with gift cards, which are difficult to trace. They may suggest you use Apple Pay as a convenient way to purchase and send them an Apple Gift Card or other digital gift card.
Apple Pay gift card scams can come in many forms—here are a few to look out for:
- Impersonating the IRS or another government agency to say you owe them money and need to make an immediate payment
- Pretending to be a company and claiming you need to pay them to fix a tech support issue
- Impersonating a friend or family member that’s in trouble and needs money fast
- Pretending to be your utility company and threatening to shut off your services unless you pay them immediately
- Telling you that you’ve won a prize, but you need to pay fees through a gift card to claim it
Gift card scams can operate similarly to Apple Cash scams in that it's nearly impossible to get your money back.
How to avoid a gift card scam: Don’t provide gift card numbers to anyone you don’t know. Never use gift cards as a form of payment.
4. Stolen credit cards
Stolen credit card scams are similar to overpayment scams—these affect Apple Pay users when scammers “accidentally” send funds to them and then request a refund. The scammer will often ask for the money back quickly through your Apple Pay or Apple Cash accounts. However, scammers will use a stolen credit card—never their own money—to send funds in the first place.
Here’s an example of this scam from a Reddit user:
“...I was sent $287 on Apple Cash by a random number… and… my settings automatically accept Apple Cash sent to me… They asked me to send it back, saying they were recording me and calling the cops…”
Source: Reddit
When the original cardholder realizes what happened, they’ll dispute the charges. This means the initial payment is eventually returned to them, leaving you out of pocket for the “returned” funds and the scammer scot-free with their ill-gotten gains.
Always be cautious when anyone requests a refund via Apple Pay, and learn how to protect your credit card online.
How to avoid a stolen credit card scam: Never refund payments to people you don’t know via Apple Pay or Apple Cash. Contact your bank or card issuer for guidance and only ever refund the original transaction once it clears your bank.
5. Security breaches
While Apple Pay has strong security in place, some businesses or merchants you transact with might have weaker practices in place making their systems more vulnerable to a security breach. During a security or data breach, personal data—such as your transaction history—can be compromised through malware or system vulnerabilities.
In 2023, Statista found that over 350 million individuals were affected by data compromises, including breaches, leaks, and exposure. Thankfully, in all 50 states and U.S. territories, companies are legally required to notify you when a data breach occurs.
To reduce the risk of having your personal information used against you as a result of a security breach, limit the websites and businesses you share your personal data with. And subscribe to an identity theft protection service like LifeLock Ultimate Plus, which monitors for fraudulent use of your personal information and provides robust restoration services if your money is ever stolen as a result of identity theft.
6. Unsecured Wi-Fi
Using Apple Pay or any digital wallet on unsecured public Wi-Fi networks increases the risk of unauthorized access to your personal information. Without robust security measures like encryption, hackers can more easily intercept data transmitted over these networks, potentially gaining access to sensitive Apple Pay details, such as transaction history or login credentials.
Once compromised, attackers can exploit this access to conduct fraudulent transactions or initiate broader identity theft. To help protect your data, avoid using Apple Pay or conducting other sensitive transactions over unsecured Wi-Fi unless you’re using a VPN to secure your connection.
How to avoid scams over unsecured Wi-Fi: Don’t use Apple Pay or initiate other sensitive transactions over public Wi-Fi. If you have to, connect to a VPN first to help secure your connection.
7. Fraudulent businesses
Fraudulent businesses often try to mimic Apple-affiliated companies to trick customers into entering their Apple Pay details. Be cautious of “limited-time” offers that appear too good to be true, like promises of extremely large rewards in the form of free Apple Cash. While some banks and other companies may offer Apple Cash rewards, only sign up for promotions via a company's official website.
In these scams, fraudsters may request personal information like your Social Security number, address, full name, and Apple ID credentials. Providing this information can lead to unauthorized access to your Apple Pay account, potentially resulting in financial loss.
How to avoid fraudulent business scams: Double-check the legitimacy of offers by visiting official websites and avoid suspicious links. Don’t respond to unsolicited communications.
8. Overpayment
An Apple Pay overpayment scam often starts with a fraudster sending a fake payment notification that appears to show a legitimate transaction via Apple Pay. Since Apple Pay is traceable to the user’s Apple ID, the scammer will use a fake Apple Pay account. The hope is to deceive the seller into believing they received the money, although no payment was made.
The scammer will ask the seller to refund the difference via a different payment method. This type of scam can occur on platforms like Craigslist and Facebook Marketplace or when scammers contact an online store directly.
How to avoid an overpayment scam: Whether you’re an individual selling items on an online marketplace or have your own website, if you receive a payment notification, always check your bank account to verify it. Never refund payments to people you don’t know via Apple Pay or Cash. Instead, refund the original transaction after it clears your bank.
Apple Pay scam warning signs
There are a few major red flags to look out for when defending against cybercriminals attempting an Apple Pay scam:
- You receive an unexpected text, call, or email.
- The text, call, or email requests sensitive information like your Apple ID, password, or bank card.
- The call, text, or email has a sense of urgency, threatening legal action, financial penalties, or account suspension.
- The email or text contains a suspicious link.
- The email or text contains an attachment that you didn’t explicitly request.
- The email or phone number doesn’t match what Apple has on its official website.
- You receive an unexpected payment via Apple Pay.
If you suspect you’re being targeted by an Apple Pay scam, don’t respond to the message. Clicking links can result in a malware infection and potentially compromise your personal information.
Instead, confirm any unusual requests by contacting Apple’s official customer support at (800) 275-2273. It’s also a good idea to check whether any of your information has been leaked on the dark web by using a breach detection service.
Steps to take if you fall victim to an Apple Pay scam
If you fall victim to Apple Pay fraud, it’s important to take quick action to help limit the damage and re-secure your Apple Pay account. Here are the steps you should follow:
- Contact Apple support to notify them of your account issue so they can temporarily lock your account.
- Change your Apple ID password to something unique and strong.
- Add 2FA to your Apple account if you haven’t already.
- Freeze or replace bank cards linked to your Apple Pay account to prevent fraudulent transactions.
- Monitor your accounts for any suspicious activity, including fraudulent payments, login attempts, and suspicious notifications.
- File a police report with local law enforcement through their non-emergency line if you’ve lost a significant amount of money.
- File a complaint with the FTC by clicking the “report now” button on their ReportFraud page.
Tips to help prevent Apple Pay scams
Here are tips to follow to implement proactive measures to help prevent Apple Pay scams before they happen:
- Don’t respond to unsolicited messages even if they appear to be from Apple.
- Only send money to individuals you know personally via Apple Cash.
- Verify the email and phone number of any communication claiming to be from Apple.
- Never share personal information unless you can verify the recipient's identity.
- Be cautious of threats involving legal action or account suspension.
- Ignore requests for personal information as they are likely phishing attempts.
- Use strong, unique passwords on all your accounts.
- Enable 2FA on your banking and Apple accounts for added security.
- Regularly monitor your linked Apple Pay cards for any unauthorized transactions.
- Don’t refund money off Apple Pay as the requester is most likely a scammer who’s used a fake or hacked account.
Protect yourself from mobile payment scams
You can do a lot to help protect yourself against Apple Pay scams, but it’s difficult to monitor for fraud all by yourself. That’s where a strong identity theft protection service steps in.
LifeLock Ultimate Plus keeps track of your personal information and financial accounts, monitoring† for potentially fraudulent activity. And, if you suffer identity theft, you’ll get live, U.S.-based assistance from dedicated restoration specialists. Help defend against fraud and strengthen your financial security today.
FAQs about Apple Pay scams
Still wondering about Apple Pay scams? Here are some questions you might have.
Can someone steal your card info from Apple Pay?
Generally, no. Apple Pay protects your card number by displaying only the last four digits, keeping the rest hidden. That way, even if someone gains access to your account, they can’t see your full card number, adding an extra layer of security. While it’s theoretically possible a more sophisticated hacking attack could lead to complete card information being exposed, it’s highly unlikely due to Apple’s robust security measures.
Can I dispute an Apple Pay transaction?
Apple Pay functions as a digital wallet that securely stores your payment information, and like a physical wallet it doesn't handle transaction disputes. For refunds or transaction disputes, you'll need to contact your bank, because Apple doesn’t process these claims directly.
Can my Apple Pay be hacked?
Yes, your Apple Pay account can potentially be hacked like any other online account. Apple devices and accounts are not immune to hacking attempts or stolen credentials.
Does Apple Pay have buyer protection?
No, Apple Pay doesn’t offer buyer protection. It’s a digital wallet, which means it’s a place to store and send payment information rather than process payments. However, some banks and card companies cover unauthorized transactions made through Apple Pay.
†LifeLock does not monitor all transactions at all businesses.
Apple Pay is a trademark of Apple, Inc.
Editor’s note: Our articles provide educational information. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about.
This article contains
Related articles
Start your protection,
enroll in minutes.
Copyright © 2024 Gen Digital Inc. All rights reserved. All trademarks, service marks, and tradenames (collectively, the "Marks") are trademarks or registered trademarks of Gen Digital Inc. or its affiliates ("Gen") or other respective owners that have granted Gen the right to use such Marks. For a list of Gen Marks please see GenDigital.com/trademarks.