Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

erronis

(25,218 posts)
Sat Jul 11, 2026, 12:15 PM Yesterday

How a Stranger Used One Text Message to Steal My Entire Digital Life -- Time

https://time.com/article/2026/07/07/how-a-stranger-used-one-text-message-to-steal-my-entire-digital-life/
by Ryan Pettit
Ryan Pettit is a Hawai'i-based commercial airline pilot with a background in information technology.

Consider, for a moment, the architecture of your own life. The photographs of your children. The passwords to your bank. The device in your pocket that pays for your coffee, unlocks your front door, and holds the second factor that guards everything else. Now ask a harder question: how many separate keys protect all of it, and how many of those keys are, in truth, the same key?

For most of us, the honest answer is one. One account sits beneath the others: an Apple ID, a Google login, a phone number that every "forgot password" link routes back to. We would never accept this design anywhere else.

I'm a pilot. No aircraft I have ever flown is permitted a single point of failure: every critical system carries a backup, and often a backup for the backup, so that no single fault can bring the plane down. Redundancy is the first principle of any system that cannot be allowed to fail. And yet millions of people carry their entire financial and personal identity on exactly one such lock, and think nothing of it.

On the afternoon of June 25, 2026, I learned what happens when the lock turns in a stranger's hand. It began, as these things now do, with a text message. It looked entirely official: a fraud alert about a possible unauthorized charge on my Goldman Sachs Apple Card, the credit card tied to my Apple ID. The message asked only that I reply "yes" or "no" to confirm the transaction. This is a routine, familiar request, the kind your bank sends all the time. I replied no.

A few minutes later, my phone rang. The number, the FBI would later confirm, belonged to the genuine Apple Card support line. It had been spoofed so precisely that the messages accompanying the call arrived in the same gray bubbles, with the same Apple logo, that only real Apple support uses in iMessage. Everything my eyes could check told me this was Apple. The man on the line said he was going to send a code to verify my identity, and that I should read it back to him. It is a request that feels routine in the moment, though I now know that no legitimate institution should ever make it.

. . .
46 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
How a Stranger Used One Text Message to Steal My Entire Digital Life -- Time (Original Post) erronis Yesterday OP
Wow, that is scary hauckeye Yesterday #1
I find people are more vulnerable when they are scammed on mobile devices. LeftInTX Yesterday #2
well, that was horrifying UpInArms Yesterday #3
"Windows 7"??? PatSeg Yesterday #10
windows 7-11. LOL reACTIONary Yesterday #16
I still have a Windows 7 computer also FoxNewsSucks Yesterday #22
Whoa, I didn't know you could still get updates PatSeg 20 hrs ago #41
This scam isn't dependent on the operating system. Windows, Mac, iOS, Linux, whatever. erronis 23 hrs ago #29
This is the key: Never take an inbound call from a financial company. Ms. Toad Yesterday #4
So if you are traveling and spend a decent amount of $ at a city far from where you are 99% of the time AZJonnie Yesterday #6
My Credit Union asks me to call them directly whenever I get a fraud alert. paleotn Yesterday #11
Good advice Randomthought Yesterday #14
Right. And don't click on any links in the text message (or emails!) erronis 23 hrs ago #31
Yes, I would (and have repeatedly refused). Ms. Toad Yesterday #17
I'm not quite sure I follow the logic on this piece AZJonnie Yesterday #25
And how do you know they did not call the 5, be 10, ?? other phones that were in the area Ms. Toad 20 hrs ago #42
How did they fake the credit card terminal coming back and saying "declined"? AZJonnie 11 hrs ago #44
The store may be in on it. Ms. Toad 7 hrs ago #45
No, because only if you respond to a text in the scenario I described with a 'no' I didn't make the charge AZJonnie 2 hrs ago #46
Did you read the article? BWdem4life Yesterday #20
They've got the con down pat. Progressive dog Yesterday #5
Oh wow, that poor Pilot guy! Cha Yesterday #7
"To catch a thief" - Hitchcock. We don't live in that world any more. There are thousands of thieves erronis 23 hrs ago #32
I have an Apple ID Bev54 Yesterday #8
My daughter and I were talking about our smartphones PatSeg Yesterday #9
I never reply to text of that ilk. BeneteauBum Yesterday #12
Good Info, thanks for posting BunnyMcGee Yesterday #13
Kick dalton99a Yesterday #15
This is why I love my old flip-phone JoseBalow Yesterday #18
Thanks for the head's up xuplate Yesterday #19
This exploit was from 4 years ago. Sector 001 Yesterday #21
As if in a nuclear event access to Apple products is essential. marble falls 23 hrs ago #30
I, too, have been getting suspicous calls and texts. Dem_in_Nebr. Yesterday #23
I had an episode not this serious but enough for me three years ago. I dealt with it and even hlthe2b Yesterday #24
I recommend running a VPN on your phone for all WiFi connections - even on a protected network. erronis 23 hrs ago #33
Yes... I have preached that for the past 18 months... Not all listen, however... hlthe2b 21 hrs ago #38
Great info in this thread, thanks erronis and replies.. Permanut 23 hrs ago #26
Just had a discussion with my kids about this NeoTrajan 23 hrs ago #27
Excellent ideas. Thank you. erronis 23 hrs ago #34
That's basically what I told my husband Tree Lady 21 hrs ago #40
Trust no one whose throat you cannot get your hands around. marble falls 23 hrs ago #28
Things I never do in this age of thievery. GoodRaisin 22 hrs ago #35
I wish I knew what was meant by this part of the article AZJonnie 22 hrs ago #36
That mystified me also, but you worded it well. It does seem something is missing. erronis 21 hrs ago #37
I think what they're referring to (and like you, I struggled getting through the article) Abolishinist 20 hrs ago #43
This is exactly what happened to us in Oct 2025. LtTx 21 hrs ago #39

LeftInTX

(35,228 posts)
2. I find people are more vulnerable when they are scammed on mobile devices.
Sat Jul 11, 2026, 12:35 PM
Yesterday

It's much harder to verify phishing emails on my phone. One time, I clicked a link. It asked for a password to login. I'm like, "Why are they asking for a password? Why do I need to login? I'm already logged in". So I didn't give it. Crisis averted.

The message was from Facebook, saying they were gonna remove my business page for some reason. Once they had my password, who knows what they could have done.

When I got on my computer, I could see that messsage actually came from sketchy email address/account. I could not "see" that on my phone.

This guy was traveling. He's vulnerable, he's trying to multi-task and get on a plane. He doesn't have time to verifty this or that....

I get those scam texts also.

UpInArms

(55,716 posts)
3. well, that was horrifying
Sat Jul 11, 2026, 12:41 PM
Yesterday

I think I am too stupid to have a single device that knows everything about me

I am sprawled all over the house ... an ipad ... a cellphone ... a laptop running windows 7

there is not one place that has all my passwords except a book that I cut out the interior to form a box where I keep all my stuff written down

FoxNewsSucks

(12,034 posts)
22. I still have a Windows 7 computer also
Sat Jul 11, 2026, 03:04 PM
Yesterday

I use it to store and organize my digital videos. It's connected to the "guest" wifi, and I don't use it for anything else. But it does work just fine and from time to time still gets an update.

PatSeg

(54,265 posts)
41. Whoa, I didn't know you could still get updates
Sat Jul 11, 2026, 06:59 PM
20 hrs ago

Very interesting, especially considering all the urgent messages over the years warning people to update their operating systems by a certain date because updates would not longer be available.

erronis

(25,218 posts)
29. This scam isn't dependent on the operating system. Windows, Mac, iOS, Linux, whatever.
Sat Jul 11, 2026, 04:28 PM
23 hrs ago

They aren't trying to take over your machine, PC, Mac, laptop, phone. They want access to your authentication tokens (login, password, multi-factor text message, etc.) and from there they can start to raid your online accounts. They usually already have enough information on you personally (name, address, phone#s, emails, sometimes SSN) so just a little more info from you directly can help them close the loops.

Ms. Toad

(38,979 posts)
4. This is the key: Never take an inbound call from a financial company.
Sat Jul 11, 2026, 12:50 PM
Yesterday

I am amazed at how many people treat inbound calls and texts as legitimate. If I didn't initiate it, there is no way I am providing any information.

I am also amazed at how many credit card companies use unsolicited class to confirm suspected fraud. I have had my credit cards shut off because I refuse to confirm (or deny) recent purchases when they call me our of the blue. It is ridiculous to expect a response to particularized financial questions asked in an unsolicited call. I tell them that, hang up, call the number on the back of the cad - and if it was a legitimate call, I read them the riot act for using a business model that counts on me being fiscally irresponsible.

AZJonnie

(4,288 posts)
6. So if you are traveling and spend a decent amount of $ at a city far from where you are 99% of the time
Sat Jul 11, 2026, 01:21 PM
Yesterday

And it appears legit and says "Did you just spend $857.38 at Far Flung Trading Company" and you know you did, like 10 seconds earlier, and the purchase was declined, and it makes sense this might trigger the credit card company to flag the purchase (as in this case), you refuse to reply to it, on the premise that it would be fiscally irresponsible to do so? I'm trying to reckon "how so"? Even if it was fake, what is the risk? Not saying you're wrong about it, I'm trying to see if there's something I've missed/not thought about?

About a year ago someone leveraged my Playstation Plus account to buy a bunch of games totaling over $300 and I got a fraud alert and said "No, I did not" and it was all legit (someone really had gotten hold of my password or some such), and soon after got my money (which IIRC was only on hold, not actually charged IIRC) back.

I guess what I mean is apart from the fact you'd be letting a marketer know that this phone number links to a real person, what is the 'exposure' involved in simply affirming or denying a purchase in an amount at a place? What am I missing?

paleotn

(23,261 posts)
11. My Credit Union asks me to call them directly whenever I get a fraud alert.
Sat Jul 11, 2026, 01:59 PM
Yesterday

No call back to the number that left the message. No response to a text. I just call the fraud line directly during their operating hours and they take care of it from there.

It seems with all the seamlessness of one google sign in or Apple ID, both have created a single point of failure. Get that info, which apparently isn't hard to do, and they've got the keys to the literal kingdom. My credit union short circuits all that. Plus asks me about 50 questions my better half doesn't even know all the answers to.

Randomthought

(1,098 posts)
14. Good advice
Sat Jul 11, 2026, 02:15 PM
Yesterday

Never call number in text or email. Look up the number of bank orcrdit card company yourself.

Ms. Toad

(38,979 posts)
17. Yes, I would (and have repeatedly refused).
Sat Jul 11, 2026, 02:42 PM
Yesterday

Any unsolicited call about financial information. Should be declined. Flip your card over and call the number in the back of the card. Anything that can be resolved by phone you can resolve with a call you initiate.

That way you know you are speaking with someone you have agreed to have a financial relationship with - not someone who randomly got some information about you and is seeking more, in order to perpetrate a fraud.

I don't know the details of everything that can go wrong, but phone numbers and credit cards can both be skimmed, so confirming that whoever is calling has reached a person who is connected to a specific active credit card at a specific phone number helps them build a financial profile connected to you. The more information they have, the easier it is to effectively perpetrate a fraud.

And most of the credit card calls are, unfortunately, legitimate - so they are training people to give, or confirm, financial information to unknown, unsolicited callers. The only way for you to confirm who you are talking to, is for you to initiate the call.

AZJonnie

(4,288 posts)
25. I'm not quite sure I follow the logic on this piece
Sat Jul 11, 2026, 03:40 PM
Yesterday

"confirming that whoever is calling has reached a person who is connected to a specific active credit card at a specific phone number helps them build a financial profile connected to you"

In the specific case I described (which is by far the most common instance in which I receive fraud alerts regarding accounts I know are actually mine), the (possible) fraudsters are calling/texting you regarding a credit card purchase you know you actually attempted to make. Which means they *already know* that the phone number and credit card are linked. Therefore, somebody replying 'yes, I attempted to make this purchase' doesn't tell them anything more than what they already know, except that, at least at times, someone or something will reply from this particular phone number. It does not establish that they've reached a person who is connected to the card.

I guess what I'm saying is I absolutely get the logic of not responding to fraud alerts where you know you did NOT make/attempt to make a purchase (obviously especially true when you don't even have such an account). But if you are trying to make a purchase, the merchant says it was declined, and 10 seconds later you get a text that seems to be from your bank saying "did you attempt to make this purchase" and it's the correct card, amount and place you are at, I cannot grok the risk in replying "yes", in order to allow your purchase to go through, and avoid the hassle of your card being shut off.

Though I concede I may be inclined to justify taking an action that I myself do on the regular

Ms. Toad

(38,979 posts)
42. And how do you know they did not call the 5, be 10, ?? other phones that were in the area
Sat Jul 11, 2026, 07:27 PM
20 hrs ago

When they grabbed your number and ask them the exact same question about **your** last credit card charge?

They would have been suspicious, and hung up. When you answer their question, you are connecting your number to **your** card, and not one that belonged to one of the other numbers they skimmed.

AZJonnie

(4,288 posts)
44. How did they fake the credit card terminal coming back and saying "declined"?
Sun Jul 12, 2026, 04:07 AM
11 hrs ago

The one thing that IS secure is that sort of stuff, these hackers can't override credit card terminals. Also, you've switched to talking phone calls, I'm talking about the specific case of texting back 'yes I am making this purchase' when my bank texts and I know the card was just declined. This is really not a fakeable scenario that I'm able to see. You're right there a LOT that are, esp. when it's out of the blue and/or it's not even a real account of yours. This is one case that's really not, as best I can tell.

But of course as you say, some may prefer to not chance it and don't mind restarting a card. Nothing wrong with that

Ms. Toad

(38,979 posts)
45. The store may be in on it.
Sun Jul 12, 2026, 08:10 AM
7 hrs ago

Or, depending on the technology used, a third party may have installed a card skimmer on the terminal you used, as was popular a free years ago with ATM machines.

And whether it was a vibe call or a text, the risks are the same. The initial contact with the victim in the article was a text.

Ironically, here is one of the main offenders (Chase) identifying unsolicited calls as suspicious activity:

Warning signs of a banking scam
Scammers rely on fear, urgency, and the promise of a quick solution to bypass your better judgement. Recognizing the red flags that mark potential bank impersonation scams is one of the best ways to help protect yourself. Here are some examples of suspicious activity:

Unsolicited contact: If you get an unsolicited call or text from your bank regarding an urgent issue, treat it with caution, you can always hang up and call back using the contact info found on the back of your card or account statement.


Your last comment contradicts the scenario you set up. In your scenario, your card is already declined. So whether you respond to the questions of the unsolicited caller or call the number on the back of the phone the card needs to be restarted. Why would you choose to provide information to someone whose identity you don't know when it takes so little to hang up to ensure you are actually speaking with someone associated with your card.

Bottom line, it is just a stupid risk to take to provide any information in response to an unsolicited call or text (or email, for that matter). Do some searching. You'll find everything I have suggested above being used as part of financial fraud. Ignore it at your own peril.

AZJonnie

(4,288 posts)
46. No, because only if you respond to a text in the scenario I described with a 'no' I didn't make the charge
Sun Jul 12, 2026, 01:15 PM
2 hrs ago

that's when your card gets suspended in a way that causes them to disallow all further activity on the card. If you say 'yes I did' then the merchant tries the card again and it will work, and the card is then not further suspended.

I suppose yes if the thief is hanging out nearby and scraping phone numbers and texting everyone 'hey did you make this purchase' in a manner that's professional-looking enough to trick the card holder, and that real cardholder is the only one who replies 'yes I'm trying to make the purchase' + the business is 'in on it' such that they're using a counterfeit payment terminal that will pretend to decline certain purchases such that the in-store criminals they're working with get the chance to perpetrate the text scheme, then yes, in that case, the criminal then adds knowledge of the phone number associated with the account.

So I'll stipulate that if the text comes in when you're at a small store that feels like it might be really sketchy generally, that's a higher risk. But that's not going to happen at, say, Costco or another similar large corporation. And you'd have to get pretty unlucky with "timing" because that's highly illegal stuff and the credit card companies will blacklist that business and report them to authorities pretty damn quickly, and they WILL act. The security of the systems by which people pay for purchases through bank cards drives the entire world's system of commerce is taken pretty seriously. A shop is not going to survive long as a business if they are actually a front for a credit card theft scheme. They'll get caught, and go to jail.

I'm pretty much saying there's one and only one scenario where, if you get an unsolicited text appearing to come from your institution (and you know your institution uses a system like this, like BofA does) that I think it's reasonable to respond to it. If others feel it's not worth the risk, I'm not faulting them for it. But you've brought me around to the idea that it carries SOME risk, esp. if you're at some sketchy outfit, like a roadside gift shop in the middle of Nowheresville.

Thanks for the talk

BWdem4life

(3,181 posts)
20. Did you read the article?
Sat Jul 11, 2026, 03:00 PM
Yesterday

That’s exactly how it started, with a simple “no” reply to a text asking to verify a credit card purchase.

Progressive dog

(7,662 posts)
5. They've got the con down pat.
Sat Jul 11, 2026, 01:16 PM
Yesterday

I never reply to that kind of a text message or e-mail. I will check my account only by logging in online. I still worry.

Cha

(321,820 posts)
7. Oh wow, that poor Pilot guy!
Sat Jul 11, 2026, 01:47 PM
Yesterday

I always used Google to check if those official-looking texts from ATT and a lot of the other companies were real, and they always said No.

Now I just Report and Delete them So many scam artists out there.

I can see why he thought it was real, though. TY for this Pilot's harrowing cautionary tale, erronis. It's even more harrowing at the link

Sigh.. All that technology was making me dizzy. I kept hoping somehow the Police or FBI could catch the thief!

erronis

(25,218 posts)
32. "To catch a thief" - Hitchcock. We don't live in that world any more. There are thousands of thieves
Sat Jul 11, 2026, 04:35 PM
23 hrs ago

waiting to take over if one gets caught.

Have you seen to pictures of the boiler-room operations where hundreds of people are on the phone simultaneously trying to scam people around the world? I've read that many of the scammers themselves are essentially slaves. The masters are of the thiel/trump/epstein class.

PatSeg

(54,265 posts)
9. My daughter and I were talking about our smartphones
Sat Jul 11, 2026, 01:56 PM
Yesterday

We don't want any unnecessary aps on them, as we feel they are too vulnerable. Honestly, we'd like to go back to dumb phones and just use them for phone calls and text messages. It is interesting to see that is a relatively common trend these days.

I have a PC and a laptop. I don't need more access than that.

BeneteauBum

(1,021 posts)
12. I never reply to text of that ilk.
Sat Jul 11, 2026, 02:14 PM
Yesterday

If I get a phone call, I just ask that the paperwork be sent to my PO Box. I don’t furnish any information…..my standard replies are: why do you ask and isn’t that in the file? Same with email. I have yet to received any written communication from scammers……and to date haven’t had any theft issues.

All my user names and passwords are genus/species names of my favorite fauna interspersed with notable dates……most over 30 characters long but easy to remember. Example: 19(genus name of golden goddess nudibranch)74(species name for the golden goddess)01. This is recorded as 197401goldengoddess in a notebook in case I need to a reminder. 19Hypseloldoris74edenticulata01……not an active password. Let the hackers figure that out.

Peace ☮️

BunnyMcGee

(493 posts)
13. Good Info, thanks for posting
Sat Jul 11, 2026, 02:15 PM
Yesterday

Makes my head and gut hurt a little too thinking of a few times I fortunately did not respond and then blocked the number.

xuplate

(275 posts)
19. Thanks for the head's up
Sat Jul 11, 2026, 03:00 PM
Yesterday

These scams are getting very, very sophisticated. A different experience I had was with a scam that identified purchases on my Citibank card, processed through ApplePay, as being made in person in Brazil while I was physically visiting Boston. I had incidences of unauthorized card use that occurred while on 3 separate trips to Boston. On reflection I think they were related to wireless card theft. I now have an RFID blocking card next to my credit cards in my wallet and haven’t had any reoccurrences. I asked the Citibank fraud representative if they really work and he said yes.

Sector 001

(441 posts)
21. This exploit was from 4 years ago.
Sat Jul 11, 2026, 03:01 PM
Yesterday

It affected all Apple products that received an I message. No clicks involved.

Dem_in_Nebr.

(385 posts)
23. I, too, have been getting suspicous calls and texts.
Sat Jul 11, 2026, 03:25 PM
Yesterday

The latest one involved a supposed scam by an (unidentified) company that they claimed, had been overcharging its customers, They were trying to reach me because I had been identified as a legitimate claimant.
Fortunately, I just let all unidentified calls go to voice mail but they were trying to reach on email as well. These were in my scam email folder.
It's a bit scary to have them try to reach me by two means of communication.

hlthe2b

(115,463 posts)
24. I had an episode not this serious but enough for me three years ago. I dealt with it and even
Sat Jul 11, 2026, 03:25 PM
Yesterday

went to the regional FBI office--who were not helpful. Maybe if I had DJT levels of (stolen/grifted) $$$$. that said, I did manage to get a report out of them for future "protection" and validation. They were interested from the standpoint of the DEA (as mentioned below) but not from my own data compromise and stolen funds.

I still have trouble talking about it because unlike this article, it was not clearly my own single preventable mistake but a unfortunate combination of factors. I was doing a favor covering for a colleague at his clinic and his wifi was inadequately protected but likewise being targeted for DEA numbers--apparently in a planned drug theft ring. But, while they were in his wifi, well... my own cell was connected temporarily to let me access some clinically-relevant, but more general information. It had never occurred to me that his wifi would not be super secured, but... Today, there are readily available VPNs and far more comprehensive security software for cell phones, which I have since acquired and use religiously. But, even three years ago? Not so much.

Well, it is still painful and I will likely never be fully "whole" from the incident--on any level.

So, be careful folks. This article is useful, but do some additional reading too.

erronis

(25,218 posts)
33. I recommend running a VPN on your phone for all WiFi connections - even on a protected network.
Sat Jul 11, 2026, 04:42 PM
23 hrs ago

That way you just have the phone automatically bring up a VPN when it starts up and doesn't drop it.

I won't recommend a particular VPN and I'm also getting a bit paranoid about them also. Also, some banks and other commerce sites don't like connections that come from a known VPN endpoint, but the VPN can be turned off temporarily during that interaction.

NeoTrajan

(107 posts)
27. Just had a discussion with my kids about this
Sat Jul 11, 2026, 04:23 PM
23 hrs ago

The rule:

No matter WHO sends you a message, by email, by text, facebook/twitter message, or by phone call (especially by phone call)

NEVER click any links

ALWAYS look up the actual, legitimate contact numbers on the actual, legitimate website, and contact your bank/financial org ONLY through those legitimate numbers, period .... NEVER follow the message directions, don't press Y or N or 1,2,3 etc ... Don't use ANY of their information to make contact .... Only the contact numbers YOU provide yourself

Tell the real bank you think you are being scammed, and that you have NO intention of moving any money or changing your PW (yet)

Ask the real bank if there are problems with any of your accounts

I also mentioned hanging up on calls from your legitimate bank, for the same reasons in this story: Even though it's from your bank, it's possibly a part of the scam ... Don't feel obligated to stay on the line: hang up and call the real bank - They won't be mad at you

Following through with those directions completes the scam, and allows them to take over your account, so, just hang up, and call directly to your bank using your own info

BTW, they can target other accounts: Utilities, Streaming channels, ANYWHERE you keep card info

The same rule applies: NEVER do anything by message or by receiving a call, even from those legit orgs: hang up and call directly after finding the real numbers ... You can apologize for hanging up when you call them back

Assume every message is a scam, and act accordingly

Tree Lady

(13,466 posts)
40. That's basically what I told my husband
Sat Jul 11, 2026, 06:38 PM
21 hrs ago

Who is not as techie as me. He starts to believe some of them, I said delete everything that comes or show me. I do all of our bills.

No reason anything should be sent to him since I give my number for bills but they still do.

GoodRaisin

(11,233 posts)
35. Things I never do in this age of thievery.
Sat Jul 11, 2026, 04:55 PM
22 hrs ago

1. Answer the phone for anyone not in my contact list. 99% + of unknown callers are scammers. No need to open that door and invite them in to steal from me.

2. Click on links in emails or text messages.

3. Answer the door when unexpected callers ring my doorbell.

4. Put my credit card on my phone or any device. It stays in my RFID blocking wallet.

5. Put my IRA password on my phone or any device. It is safely hidden in my home.

I do check my bank and credit card account for unknown charges frequently. I also check my credit report frequently to make sure no new accounts have been set up in my name. If someone does manage to steal my information and start stealing from me, I will be on top of it fast. So far I have avoided identity theft, not that the thieves haven’t tried.

AZJonnie

(4,288 posts)
36. I wish I knew what was meant by this part of the article
Sat Jul 11, 2026, 05:36 PM
22 hrs ago

"The number, the FBI would later confirm, belonged to the genuine Apple Card support line. It had been spoofed so precisely that the messages accompanying the call arrived in the same gray bubbles, with the same Apple logo, that only real Apple support uses in iMessage."

The terms ("belonged to the genuine" and "only real Apple support uses" ) and "spoofed" are mutually exclusive.

Honestly this article could do a lot better job explaining which action he took caused which problem. Because taking this at face value, it implies literally any text you ever reply to, or any phone call you pick up, puts you in danger of your Apple ID instantly being compromised, and along with it, your SSN. The fact that any of this had anything to do with any supposed fraud alert seems coincidental, and I'm left wondering if the fraudsters could've done the exact same stuff w/o ever calling or texting. I think an important part of the interaction during the texts and phone calls is actually omitted here, perhaps at the request of Apple's lawyers as it could involve a vector they don't want to become known.

erronis

(25,218 posts)
37. That mystified me also, but you worded it well. It does seem something is missing.
Sat Jul 11, 2026, 05:48 PM
21 hrs ago

And since this pilot is also tech savvy you'd think it would have been included.

Abolishinist

(3,132 posts)
43. I think what they're referring to (and like you, I struggled getting through the article)
Sat Jul 11, 2026, 07:28 PM
20 hrs ago

is that the number that appeared on his phone was a legitimate number for Apple. I've had this happen on the landline at the office, where it appears the police department or whomever is calling because the number that shows IS their number. Somehow the scammers are able to do this. Add to this the logos or whatever else that showed were familiar to him.

And the following at first did not makes sense either, having him repeat the number. Like, if they knew the number, why have him repeat it, right? But here's the thing, they did NOT know the number, the number was the final piece of what they needed. They had enough info to attempt to get into his account, but they couldn't get by the verification process.

So they started the login, Apple then sent the number to his phone, which when given to the scammers allowed them to enter it and take over.

At least that's my take on it.

LtTx

(109 posts)
39. This is exactly what happened to us in Oct 2025.
Sat Jul 11, 2026, 06:35 PM
21 hrs ago

Luckily about 3 or 4 hours later I started having doubts.. Called and cancelled 31k worth of charges. Pay Pal was also involved. We notified them also 3 hours later. They dismissed our claim outright but the credit cards did not, so PayPal is left holding the bag. Mine involved a Fidelity account and they spoofed Fidelity's number. We reported it to the FBI line and our local sheriff office. Everything looked so legit.

Latest Discussions»General Discussion»How a Stranger Used One T...