Cyber: Apple account change alerts abused to send phishing emails (2026)

Apple account change notifications are being abused to deliver fake iPhone purchase scams inside legitimate emails sent from Apple's servers, which makes the lure look more legitimate and may allow it to bypass spam filters.

A reader shared an email with BleepingComputer that appeared to be a standard Apple security notification stating that their account information had been updated. However, embedded within the message was a phishing lure claiming that an $899 iPhone purchase had been made via PayPal, along with a phone number to call to cancel the transaction.

"Dear User 899 USD iPhone Purchase Via Pay-Pal To Cancel 18023530761," reads the Apple account phishing email. "The following changes to your Apple Account, [email protected], were made on April 14, 2026 at 7:01:40 PM GMT:"

These emails are designed to trick recipients into thinking their accounts were used for fraudulent purchases and to scare them into calling the scammer's "support" number. When a victim calls the number, scammers typically try to convince them that their account has been compromised and may instruct them to install remote access software or provide financial information. In previous callback phishing campaigns, this remote access has been used to steal funds from bank accounts, deploy malware, or steal data.
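Because the message authenticates as Apple, sender reputation cannot catch it; the body has to be inspected. The following is an added example, not code from the article or from Apple: a mail-gateway heuristic that quarantines DKIM-authenticated vendor mail whose body combines a phone number with purchase and cancellation wording. The allow-listed domain, the signal regexes, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

TRUSTED = {"apple.com"}  # assumption: DKIM domains this gateway allow-lists
SIGNALS = {              # illustrative callback-lure signals, not a vetted rule set
    "amount": re.compile(r"\$\s?\d{2,5}|\b\d{2,5}\s?USD\b", re.I),
    "payment": re.compile(r"\b(?:pay[\s-]?pal|purchase|charged?)\b", re.I),
    "action": re.compile(r"\b(?:cancel|call|refund|dispute)\b", re.I),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"),
}

def dkim_domain(msg):
    # Only trust Authentication-Results headers stamped by your own gateway.
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", str(value), re.I)
        if m:
            return m.group(1).lower()
    return None

def classify(raw):
    """Return (verdict, matched signal names) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    hits = sorted(n for n, rx in SIGNALS.items() if rx.search(text))
    # A callback lure needs a number to call plus at least two other signals.
    lure = "phone" in hits and len(hits) >= 3
    d = dkim_domain(msg)
    trusted = d is not None and any(d == t or d.endswith("." + t) for t in TRUSTED)
    if trusted and lure:
        return "quarantine", hits  # authenticated mail carrying a callback lure
    return ("deliver" if trusted else "default-filtering"), hits

def sample(dkim, body):  # constructed test messages, not real mail
    return (f"Authentication-Results: mx.example.net; dkim=pass header.d={dkim}\n"
            "Subject: Your Apple Account information has been updated\n"
            "Content-Type: text/plain\n\n" + body)

CHANGE = ("The following changes to your Apple Account, user@example.com, "
          "were made on April 14, 2026 at 7:01:40 PM GMT:\nShipping address\n")
LURE = "Dear User 899 USD iPhone Purchase Via Pay-Pal To Cancel 18023530761\n"

if __name__ == "__main__":
    for name, raw in [("lure", sample("apple.com", LURE + CHANGE)),
                      ("benign", sample("apple.com", "Dear Jane Doe\n" + CHANGE))]:
        print(name, classify(raw))
```

The rule is deliberately limited to allow-listed senders, where ordinary spam scoring is weakest; tune the signal threshold against real notification mail before enforcing it.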

Source: BleepingComputer