
Apple Pay Transaction Text Scams: The 5-Tell Pattern That Gives Every Version Away

The FTC tracked $470 million in losses to text scams in 2024, five times the 2020 figure. The Apple Pay variant has five identifiable tells that show up together every time. Knowing the pattern lets you delete the message in two seconds instead of two minutes.


The Apple Pay transaction text scam is one specific instance of what the Federal Trade Commission catalogs among the top text-message scam categories of 2024 and 2025. It is also one of the easiest scams to identify once the pattern is visible. The message arrives looking like a legitimate Apple Pay fraud alert, with a specific dollar amount, a real-sounding merchant name, and a phone number to call if you did not authorize the transaction. The point of the message is the phone number. Everything else is window dressing designed to make calling that number feel reasonable. Once you call, the actual scam begins.

Key Takeaway

  • The FTC tracked $470 million in consumer losses to text scams in 2024, five times the 2020 figure, with fake fraud alerts among the top categories.
  • The Apple Pay variant has five tells that appear together: a specific merchant name like "Apple Store (CA)," a specific dollar amount, urgency framing, a call-back phone number, and a "Reply STOP" footer.
  • Real Apple Pay transaction alerts come through the Wallet app on your device, not as SMS messages. They never include a phone number to call.
  • Forward suspicious texts to 7726 (SPAM), report at ReportFraud.ftc.gov, email a screenshot to reportphishing@apple.com, then delete the message.
  • Apple cannot stop the texts at the source because they originate from third-party numbers across carrier networks. Pattern recognition is the only reliable defense.

The five tells that show up in every version

The Apple Pay scam text comes in dozens of variations, but the underlying template is consistent. Five elements appear together so often that any text claiming to be an Apple Pay alert containing all of them can be deleted without further investigation:

1. A specific dollar amount in the message body, often something just unusual enough to draw attention. The amount $143.95 appears in multiple documented variants, showing up in both Apple Security Alert and iCloud-themed scam text reports, but the figure rotates by campaign. The point of the dollar amount is that it triggers a "wait, that is not me" reaction. A round number would not.

2. A specific merchant name that sounds plausible. "Apple Store (CA)" is the most-documented variant, referencing a California Apple Store location. Other documented variants frame the charge as an iCloud storage renewal or use a generic "Apple Security Alert" header. Real Apple Pay notifications identify the merchant as it appears in your Wallet transaction history, drawn from the card network's merchant data.

3. Urgency framing. The text says the transaction was "restricted," "paused," "placed under review," or "blocked due to suspicious activity." The framing implies there is a clock running and that calling now will reverse the issue. Real Apple fraud detection does not work this way. If Apple flagged a charge, the notification would direct you to the Wallet app, not a call.

4. A phone number to call. This is the part that turns the scam from annoying to dangerous. Real Apple Pay alerts never include a phone number for support callback. Apple's own published guidance, in the same support documentation that explains how to recognize social engineering, says to hang up immediately on any unsolicited call claiming to be from Apple Support.

5. "Reply STOP to opt out" or similar boilerplate at the end of the message. This is mimicry of legitimate business texts that are required to include opt-out language under telemarketing rules. The scam texts include it specifically because legitimate texts include it, so its presence has been weaponized as a trust signal. Apple does not send Apple Pay alerts through SMS marketing channels that require an opt-out, so the "Reply STOP" footer is itself a tell when paired with the rest of the message.
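The five tells above translate directly into a message filter. The sketch below is an added example, not code from Apple, the FTC, or this publication; the regex word lists, the middle "suspicious" tier, and all sample messages are assumptions constructed for illustration.

```python
import re

# The five tells from the list above, as regexes. Word lists are assumptions
# drawn from phrases quoted in this article, not an official signature set.
TELLS = {
    "dollar_amount": re.compile(r"\$\s?\d[\d,]*\.\d{2}(?!\d)"),
    "merchant_or_brand": re.compile(
        r"apple\s+(?:store|pay|security\s+alert)|icloud", re.I),
    "urgency": re.compile(
        r"\b(?:restricted|paused|under\s+review|blocked|suspicious\s+activity)\b",
        re.I),
    "callback_number": re.compile(
        r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"),
    "stop_footer": re.compile(r"\b(?:reply|text)\s+stop\b", re.I),
}


def find_tells(message: str) -> list[str]:
    """Return the names of the tells present, in the order listed above."""
    return [name for name, rx in TELLS.items() if rx.search(message)]


def classify(message: str) -> str:
    tells = find_tells(message)
    if len(tells) == len(TELLS):
        return "delete"      # all five together: the article's rule
    # Assumed middle tier (not from the article): a call-back number plus
    # two other tells is worth a second look even without the full set.
    if "callback_number" in tells and len(tells) >= 3:
        return "suspicious"
    return "no-match"


# Constructed sample messages; the phone numbers are made up.
SCAM = ("Apple Security Alert: A charge of $143.95 at Apple Store (CA) was "
        "placed under review due to suspicious activity. If this was not you, "
        "call +1 (555) 010-0199 now. Reply STOP to opt out.")
PARTIAL = "Apple Pay: your payment was blocked. Call 555-010-0142."
MARKETING = ("Sale! Jackets now $49.99 at Example Outfitters. "
             "Reply STOP to opt out.")

if __name__ == "__main__":
    for text in (SCAM, PARTIAL, MARKETING):
        print(classify(text), find_tells(text))
```

The marketing sample carries a dollar amount and a "Reply STOP" footer yet does not match, which reflects the point in item 5: the footer is a tell only when paired with the rest of the message.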

Why the pattern works and where it leads

The scam works because it copies the format of a real fraud alert closely enough to bypass the half-second skepticism most people apply to obvious phishing. There is no broken grammar, no foreign-looking URL, no all-caps urgency. The text reads like a security notification from a company you actually use. That is the entire engineering of the attack.

What happens after you call the number is the part the text message does not show. The person who answers identifies themselves as Apple Support and asks you to verify your account by walking through a series of steps. Those steps end somewhere on this list, depending on which variant you got. Granting remote access to your device via AnyDesk, TeamViewer, or Zoho Assist. Reading off a code that authorizes a bank transfer. Buying Apple gift cards to "secure" the charge while the team investigates. Or providing the verification code that just arrived from your bank, which the scammer is using in real time to log into your account from their end. None of these are recoverable once completed. The gift cards are gone. The remote access tool is installed. The bank wire is irreversible.

The reason the scam keeps working is that Apple cannot stop the texts at the source. The messages are sent from third-party numbers across thousands of carrier networks and burner SIMs. Apple's authority extends to its own platforms (Mail, Messages from verified senders, the App Store), not to the broader SMS ecosystem that the scams run on. Apple can ban a sender from iMessage. It cannot prevent a SIM-swap operation from spinning up a new number tomorrow.

The FBI calls this category "smishing," its term for phishing delivered through SMS. The FBI's 2024 Internet Crime Complaint Center report logged 193,407 phishing and spoofing complaints, more than any other crime category by complaint count. Direct losses attributed to phishing itself were $70 million, but phishing is typically the first step in larger frauds: total reported losses across all IC3 categories hit $16.6 billion in 2024, a 33 percent jump from 2023. The FTC's separate 2024 data, which tracks consumer-reported text scam losses specifically, hit $470 million, five times the figure from 2020. The fake-fraud-alert subcategory is one of the top five text scam types the FTC tracks.

What an actual Apple Pay alert looks like

Real Apple Pay transaction alerts appear inside the Wallet app on your device. They include the merchant, the card used, the location, and the amount. They do not come as standalone SMS messages. The push notifications generated by Apple Pay transactions go through your device's notification system, not through your carrier's SMS service. The distinction matters because the carrier-delivered SMS channel is exactly where scammers can mass-target phone numbers without any prior relationship to the victim's Apple ID or device.

If you want to confirm a transaction without engaging with a suspicious message, open the Wallet app and check your card's transaction history. If something is missing or wrong, contact your card issuer using the phone number printed on the back of your physical card. Do not use the phone number from the text message under any circumstances. The phone number is the part of the scam designed to capture you.

If you have already shared your Apple ID password with a caller, change it immediately at appleid.apple.com from a known-clean device, then walk through Apple's Safety Check tool on iPhone to revoke any sessions or sharing relationships that may have been added during the call. If you handed over a banking code, call your bank's published fraud line (the number on the back of the card, not the one from the text) within minutes rather than hours. Most banks will reverse a wire only inside a very short window.

What to do with the text

The Federal Trade Commission's recommended actions are short and worth following exactly:

  1. Forward the message to 7726 (the number that spells SPAM on a keypad), which lets your wireless carrier flag and block similar messages across its network.
  2. Use the Report Junk option under the message in iMessage, or the equivalent in Google Messages on Android.
  3. Report the scam at ReportFraud.ftc.gov.
  4. Forward a screenshot to reportphishing@apple.com so Apple's security team can track the variant.
  5. Delete the message.

The longer pattern the FTC is tracking is that smishing keeps growing because mobile texting is a cheap distribution channel, the scam is psychologically optimized (a real fraud alert is the one notification you are most primed to act on), and the second stage on a phone call gives the scammer real-time control of the conversation. Knowing the five tells in the text means you can stop the attack before it gets to the phone call. The phone call is where the money goes.

For a broader look at the security layer underneath all of this, our guide to the best antivirus software in 2026 covers the desktop and cross-platform tools that block the second-stage payloads after a phishing click, and our password manager roundup walks through the single change that does the most to limit the damage if a credential ends up in a scammer's hands.

Frequently Asked Questions

Is the Apple Pay transaction text I got real?

If the text arrived as an SMS message and includes a phone number to call, a specific dollar amount, a merchant name like "Apple Store (CA)," urgency language about a "restricted" or "paused" transaction, and a "Reply STOP" footer, it is a scam. Real Apple Pay transaction alerts appear inside the Wallet app on your iPhone, not as SMS messages, and never include a phone number for callback.

What happens if I call the number in an Apple Pay scam text?

The person who answers will identify themselves as Apple Support and walk you through verification steps that end with one of four outcomes: granting remote access to your device via AnyDesk, TeamViewer, or Zoho Assist; reading off a code that authorizes a bank transfer the scammer initiated; buying Apple gift cards to "secure" the charge; or providing a verification code the scammer is using in real time to log into your bank. None of these are recoverable once completed.

How do I report an Apple Pay scam text?

Forward the message to 7726 (the keypad letters for SPAM) so your carrier can flag similar messages. Use Report Junk in iMessage or the equivalent in Google Messages. File a report at ReportFraud.ftc.gov. Email a screenshot to reportphishing@apple.com. Then delete the message and block the sender. Do not reply, including with "STOP," because that confirms the number is active.

Why can't Apple stop these texts?

The texts are sent from third-party phone numbers across thousands of carrier networks and burner SIMs, not through any Apple service. Apple can ban a sender from iMessage, but it has no control over the broader SMS ecosystem. The carriers and federal regulators are the parties with authority over SMS, which is why the FTC's reporting channel and the 7726 SPAM forwarding number matter.

What does a real Apple Pay transaction alert look like?

Real Apple Pay alerts appear as push notifications generated by your iPhone's Wallet app. They show the merchant exactly as it appears in your transaction history, the card used, the location, and the amount. To confirm a charge, open the Wallet app and check the card's transaction list directly. To dispute one, contact your card issuer using the phone number printed on the back of your physical card.

I already called the number in the text. What now?

If you shared your Apple ID password, change it immediately at appleid.apple.com from a device you know is clean, then run Apple's Safety Check on iPhone to revoke any sharing relationships or device sessions that may have been added during the call. If you read off a bank verification code or wired money, call your bank's published fraud line (the number on the back of the card, not the one from the text) within minutes. If you installed remote access software, uninstall it, restart the device, and assume any account credentials entered on that device while the software was active are compromised.

Written by Alex Chen

Technology journalist who has spent over a decade covering AI, cybersecurity, and software development. Former contributor to major tech publications. Writes about the tools, systems, and policies shaping the technology landscape, from machine learning breakthroughs to defense applications of emerging tech.
