New Phishing Scam to Apple Users (Mac and Devices)

Background

I got this email today. It is absolutely a SCAM! But it’s one of the more tricky ones, so I thought I’d instruct you on how to check.

Firstly, note the To: and Reply-To: areas on the upper left. People may be swayed by the whole FROM: Apple <noreply.email.apple.com>, but the To and Reply-To are the first clue. SOME of you may even know how to view and read the hidden header information, and in this one, it was SURPRISINGLY legitimate looking, unless you looked closely. This email is trying to tell me that an app-specific password was created by an app, and I somehow authorized a large payment.
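The header clues described above can be checked mechanically. The script below is an added example, not part of the original post: it parses a raw message with Python's standard `email` library and flags a Reply-To domain that disagrees with the From domain, a To: line that does not include your own address, a display name claiming to be Apple whose sender domain is not under apple.com, and the absence of an Authentication-Results header (which a receiving mail server normally adds with the SPF/DKIM outcome). The sample message and every address in it are constructed for this example using reserved example domains; the set of "expected" domains is an assumption for the demo, not Apple's published sending policy.

```python
"""Added example: flag the header mismatches a phishing mail tends to show."""
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample message (not the real phishing mail). The From line looks
# plausible on its own; the Reply-To and To lines are where it falls apart.
SAMPLE_RAW = """\
From: Apple <noreply@email.apple.com>
Reply-To: support-desk@mailbox.example.net
To: undisclosed-recipients@lists.example.org
Subject: An app-specific password was created for your Apple ID
Date: Mon, 01 Jan 2024 10:00:00 +0000

An app-specific password was created and a payment was authorized.
If this was not you, visit https://example.invalid/cancel
"""

# Assumption for this demo: a sender calling itself "Apple" should come from
# apple.com or a subdomain of it.
EXPECTED_DOMAINS = {"apple.com"}


def domain_of(header_value: str) -> str:
    """Lowercase domain part of the first address in a header, '' if none."""
    _, addr = parseaddr(header_value or "")
    addr = addr.lower()
    return addr.rsplit("@", 1)[1] if "@" in addr else ""


def is_expected(domain: str) -> bool:
    """True if domain is an expected domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in EXPECTED_DOMAINS)


def header_red_flags(raw: str, my_address: str) -> list[str]:
    """Return human-readable warnings derived only from the message headers."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    if "apple" in name.lower() and not is_expected(from_domain):
        flags.append(f"From display name is {name!r} but sender domain is {from_domain!r}")

    reply_domain = domain_of(str(msg.get("Reply-To", "")))
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    recipients = {a.lower() for _, a in getaddresses([str(msg.get("To", ""))])}
    if my_address.lower() not in recipients:
        flags.append(f"Your address is not in To: {sorted(recipients)}")

    if msg.get("Authentication-Results") is None:
        flags.append("No Authentication-Results header: SPF/DKIM outcome not visible, inspect full headers")

    return flags


if __name__ == "__main__":
    for warning in header_red_flags(SAMPLE_RAW, "me@example.com"):
        print("WARNING:", warning)
```

Run it as-is to see the three warnings the sample produces; to check a real message, save it as raw source (most mail clients offer "View Source" or "Show Original") and pass that text in place of `SAMPLE_RAW`. A clean result is not proof of legitimacy, since the From line itself can be forged, which is why the post's advice to open appleid.apple.com by hand rather than through any link still applies.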

DO NOT CLICK ANY OF THE LINKS IN THE EMAIL!!!

Phishing email requesting App-Specific Password

What is an App-Specific Password

It’s an extra layer of security for applications that need access to your account data. Some applications are not built as securely as Apple (or Microsoft, or Google) native apps, for example third party email applications, and in my case, I use them for my BusyCal and BusyContacts, as I’m not a fan of the Mac native apps for those things. The password is created BY YOU, for those apps, but it is the app that asks you to create it so it can run. It’s not a hard process, and you are walked through it. HOWEVER, if someone does get into your account (e.g. iCloud), they could do all sorts of things.

How to Prevent Others From Logging Into Your Apple ID (or other platforms)

  1. Turn on Two-Factor Authentication, on any app you can.
  2. Use unique and difficult passwords – and don’t repeat them.
  3. Use a Password Manager Application, with excellent security protocols.

Resolution

But the REAL way to check this is to log in to your account at appleid.apple.com. This here is NOT a link – don’t try to click it. Open a new browser window and hand-type it in! Then log in using your credentials. This will bring you to a screen with a number of blocks. At the bottom left is a button to view ALL of the App-Specific Passwords you’ve created and the dates they were created. This is a good time to make sure you recognize every app listed and the date its App-Specific Password was created. If you don’t recognize one of them, hit the minus sign to the left of the item in your list. If you don’t recognize ANY of them, use the Revoke all feature at the bottom, and pursue further actions, like changing your Apple ID login information and securing all your accounts.

It might be helpful to note that I have multiple dates on some (A responsible app may periodically ask you to create a new one, for security’s sake). And, that each of my devices required their own.

App-Specific Passwords button on Apple ID
View of App-Specific Passwords list and where to delete them

All of this may seem like a LOT, but it’s my hope that you will make sure to NOT touch any links in any suspicious email – and even if it doesn’t look suspicious, but you didn’t expect it – DOUBLE CHECK!