‘I'm smarter than this': Watch out for Apple phishing scam
Action 9 picked up on a new phishing scam.
It's like the money app ones Jason Stoogenke always warns you about, the ones where scammers pretend to be with your bank's fraud department and call you, saying you've just fallen victim to a con and that they're there to help.
This version involves Apple, specifically Apple Pay, Apple credit cards, and iCloud.
Kristi Fabregas says she got a message 'that somebody tried to take almost $13,000 on my Apple card and it was declined.'
'Couple minutes later, my phone rang, said it was Mr. Williams from Apple fraud support,' she told Stoogenke. She says the scammer gave her instructions, which ultimately gave him access to her account and other apps, including her bank.
MORE ACTION 9: Man says scammer stole $280K from retirement account and now he has tax problems on top of huge loss
'They ended up getting my bank account number and transferring $1,400 out,' she said. She says the thief kept stealing money beyond that. 'As of right now, [$]2,200,' she said.
And that's not all. 'They have all my contacts, all my pictures, for the last 20-plus years,' she said.
'Very frustrating. I'm like, 'I'm smarter than this.' I'm like, 'I know better.''
A Channel 9 employee was also targeted. A scammer texted her that someone had used her iCloud information to spend $143 using Apple Pay. In that case, the con artist wanted her to call a certain number or click a certain link to stop the bleeding. She didn't fall victim.
Action 9 contacted Apple to see if it could help Fabregas and whether it had any other advice for consumers. We didn't hear back in time for this report.
- Know this scam is going around.
- Be suspicious if any company contacts you out of the blue, especially if they say they're with the fraud department and that you need to act fast.
- If you think there's any truth to it, hang up and look up the right number for the business.
- If they try to talk you out of that, take that as a red flag.
VIDEO: Using a QR code to park? Ensure it's not a scam sticker

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
8 hours ago
- Yahoo
Domestic dispute turns to gunfire, killing 1 man in Tampa: TPD
The Brief A domestic dispute in Tampa turned to gunfire, killing one man, according to police. Police say that all the people involved are related or known to each other. A woman was also hospitalized with serious injuries, but she is now stable. TAMPA - One person is dead and another is injured after Tampa police say a domestic-related dispute escalated into a shootout on Sunday morning on the 1700 block of N Club Court. Investigators say that one of the people involved remained at the scene, and he has been cooperating with them. A man was taken to a local hospital where he later died, and a woman was also hospitalized with serious injuries, but she is now stable. Police say that all the people involved are related or known to each other. At this point, TPD says that the incident appears to be isolated and there is no threat to the public. READ: Trump sends National Guard to LA County amid anti-ICE protests What's next The investigation is ongoing and more details will come from the Tampa Police Department. CLICK HERE:>>>Follow FOX 13 on YouTube The Source Information for this story was provided by the Tampa Police Department. STAY CONNECTED WITH FOX 13 TAMPA: Download the FOX Local app for your smart TV Download FOX Local mobile app: Apple | Android Download the FOX 13 News app for breaking news alerts, latest headlines Download the SkyTower Radar app Sign up for FOX 13's daily newsletter
Yahoo
10 hours ago
- Yahoo
Brooksville house fire likely caused by charging lithium-ion batteries: HCFR
The Brief A Brooksville house fire on Saturday afternoon was likely caused by charging lithium-ion batteries inside the home, according to Hernando County Fire Rescue. The two people inside the home were able to escape safely before calling 911, according to HCFR. Crews say that the damage from the fire was not bad enough to displace the residents. BROOKSVILLE, Fla. - Hernando County Fire Rescue was called to a home on the 800 block of Live Oak Dr. in Brooksville on Saturday afternoon after a fire broke out inside the home. Crews say they believe that the fire started from charging lithium-ion batteries inside the house. The two people inside the home were able to escape safely before calling 911, according to HCFR. Crews say that the damage from the fire was not bad enough to displace the residents. READ: Man admits to killing parents in Largo, describes it as 'righteous kill': PCSO Hernando County Fire Rescue is warning people to not continuously charge lithium-ion batteries, especially inside your home. What they're saying "As a safety reminder, do not continuously charge Lithium-ion batteries, especially inside your home, as when the battery fails they can create a very deadly gas release that can incapacitate people before overheating and spontaneously catch fire." CLICK HERE:>>>Follow FOX 13 on YouTube The Source Information for this story was provided by Hernando County Fire Rescue. STAY CONNECTED WITH FOX 13 TAMPA: Download the FOX Local app for your smart TV Download FOX Local mobile app: Apple | Android Download the FOX 13 News app for breaking news alerts, latest headlines Download the SkyTower Radar app Sign up for FOX 13's daily newsletter


Fox News
17 hours ago
- Fox News
How to tell if a login alert is real or a scam
Online scams thrive on the urgency and fear of their victims. If you've ever been a victim of a scam, you'd know that bad actors often try to rush you into taking action by creating a sense of fear. A scammer may call you impersonating a government agency and claim your Social Security number has been linked to drug trafficking. A phishing email might ask you to update your tax details or claim you've won a lottery or a free product, all to get you to click a malicious link. A more effective tactic scammers use is sending fake login alerts. These are warnings that someone has logged into your account, prompting you to take immediate action. This method works well because legitimate services like Google, Apple, Netflix and Facebook also send these types of notifications when someone, including you, logs in from a new device. It can be tricky to tell the difference. As Robert from Danville asks, "I constantly get in my spam junk folder emails saying 'someone has logged into your account.' Is this spam? legitimate? concerning? How do I know? How to avoid wasting time checking? How do I check?" Thanks for writing to us, Robert. I completely understand how tricky it can be to figure out whether these messages are legitimate or just another scam attempt. Let's break down what these urgent warnings usually look like and go over a few ways you can stay safe. Scammers often pose as login alerts from Google, Apple, Meta or even your bank, complete with official-looking logos, because fear is effective. But not every alert is a scam. In many cases, these notifications are legitimate and can help you detect unauthorized access to your accounts. Let's focus on the scam side first. Login alert scams have been around for a while. Early reports date back to 2021, and the trend has persisted since then. In 2022, reports surfaced that scammers were impersonating Meta and sending phishing emails to users. One such email used a clean layout with minimal text. It avoided the usual scare tactics and stuck to a simple message. But that is not always the case. A common red flag in phishing attempts is the tendency to overload the email with unnecessary details. These messages often include cluttered formatting, excessive explanations and an increasing number of typos or design errors. One phishing email simply gets to the point: Someone tried to Iog into Your Account, User lD A user just logged into your Facebook account from a new device Samsung S21. We are sending you this email to verify it's really you. Thanks, The Facebook Team What's concerning now is that poor grammar is no longer a reliable sign of a scam. Thanks to AI, even those with limited English skills can write emails that sound polished and professional. As a result, many phishing messages today read just like legitimate emails from trusted companies. Receiving a phishing email is not the real issue. The real problem starts when you click on it. Most of these emails contain links that lead to fake login pages, designed to look exactly like platforms such as Facebook, Google or your bank. If you enter your credentials there, they go directly to the scammer. In some cases, simply clicking the link can trigger a malware download, especially if your browser is outdated or your device lacks proper security. Once inside, attackers can steal personal information, monitor your activity or take control of your accounts. Real login notifications do exist; they're just much less scary. A genuine alert from Google, Apple or Microsoft will come from an official address (for example, no-reply@ or security@ and use consistent branding. The tone is factual and helpful. For instance, a legit Google security alert might say, "We detected a login from a new sign-in to your Google Account on a Pixel 6 Pro device. If this was you, you don't need to do anything. If not, we'll help you secure your account." It may include a "Check activity" button, but that link always redirects to a address, and it won't prompt you to reenter your password via the email link. Similarly, Apple notes it will never ask for passwords or verification codes via email. 1. Don't click any links or attachments and use strong antivirus software: Instead, manually log in to the real site (or open the official app) by typing the URL or using a bookmarked link. This guarantees you're not walking into a scammer's trap. The FTC recommends this: if you have an account with that company, contact them via the website or phone number you know is real, not the info in the email. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 2. Remove your data from the internet: Scammers are able to send you targeted messages because your data, like your email address or phone number, is already out there. This often happens due to past data breaches and shady data brokers. A data removal service can help clean up your digital trail by removing your information from public databases and people-search sites. It's not a quick fix, but over time, it reduces how easily scammers can find and target you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 3. Check your account activity: Go to your account's security or sign-in page. Services like Gmail, iCloud or your bank let you review recent logins and devices. If you see nothing unusual, you're safe. If you do find a strange login, follow the site's process (usually changing your password and logging out all devices). Even if you don't find anything odd, change your password as a precaution. Do it through the official site or app, not the email. Consider using a password manager to generate and store complex passwords. 4. Enable two-factor authentication (2FA): This is your best backup. With 2FA enabled, even if someone has your password, they can't gain access without your phone and an additional second factor. Both Google and Apple make 2FA easy and say it "makes it harder for scammers" to hijack your account. 5. Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization's official support or security team so they can take appropriate action. You shouldn't have to vet every sketchy email. In fact, your email's spam filters catch most phishing attempts for you. Keep them enabled, and make sure your software is up to date so that malicious sites and attachments are blocked. Still, the most powerful filter is your own awareness. You're definitely not alone in this. People receive these spammy login scares every day. By keeping a cool head and following the steps above, you're already ahead of the game. Have you ever encountered a suspicious email or phishing attempt? How did you handle it, and what did you learn from the experience? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.