Guardio | Blog

Protect your digital wallet: Stay ahead of Apple Pay scams

July 29th · 11 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|
Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

Apple Pay scams uncovered

Over the past decade, as smartphones and convenient apps have made mobile payments the norm, more and more countries have been removing cash from their economies. A big contributor to the use of digital wallets is Apple Pay a wallet for iPhone users, that makes digital payments possible. The wallet is built into iPhones, Apple Watches, Macs, and iPads. Or in other words, if you have any of those devices, you already have Apple Pay automatically installed. After opening the app and entering your debit and credit card numbers, there’s no need to carry a wallet anymore. You can even send and receive payments from friends, and peers in iMessages via Apple Cash, a feature offered in Apple Pay.

| People are losing Millions of dollars due to Apple Pay fraud |

Sadly, cybercriminals are the reason we can’t have nice things. With Apple Pays rising popularity, scammers are crawling out of the woodwork, trying to cash in on the action. But have no fear, in this article, we'll deep dive into the world of Apple Pay scams, understand the risks, and give you the know-how to outsmart scammers and keep your money safe. Let's show these scammers what we’ve got, buckle up it’s going to be a bumpy ride!

From Macs to iPads: how Apple revolutionized technology

Remember the 80s when baggy pants, bucket hats, and  walkmans were a thing? Perhaps you don’t, and that’s OK, they’ll probably make a comeback or you can find them in your local thrift store. Another invention of the 80s that made a bigger splash than baggy pants was the Macintosh. Unlike the oversized pants that were left behind and forgotten, the Macintosh was just the jump start for what would become a huge technological company that never ceases to amaze us.
Apple has come a long way since the  introduction of the first Mac , and during the following decades, led by Steve Jobs Apple sold millions of iPods, iPhones, iPads, Apple Watches, and AirPods. When  Jobs said “We’re here to put a dent in the universe” he really meant it.
Old Mac
When Jobs passed away in late 2011, many wondered how Apple would survive without its visionary captain. Thankfully with the leadership of  CEO Tim Cook , Apple hasn’t just survived, but thrived and continues to lead the way in cutting-edge technology. In 2014 they launched Apple Pay, a mobile wallet, which is currently the most popular mobile payment service in the US, with 38 million users. That number is projected to increase to over  101 million Apple Pay users by the end of 2023. Wowza.

What’s Apple Pay?

Apple Pay is a wallet for Apple users, that makes digital payments possible. Let's say you're at a fancy restaurant, on a date with your special someone and want to pick up the check, or in my case, you want to pay for the late-night pizza you’ve just gobbled down. Rather than pulling out a credit card, you open the Apple Pay app and choose the credit card you want to use. As a security measure, Apple Pay requires authentication through a fingerprint scan, face ID, or personal passcode. Once you've verified your identity, you'll hold your iPhone near the payment terminal, when you hear a ‘ting’ sound, you’ll know the purchase is confirmed. Easy right?

What’s Apple Cash?

Just like how Venmo is part of PayPal, Apple Cash is part of the Apple Pay ecosystem. Put simply,  Apple Cash is a prepaid debit card in your Apple Wallet, that can only be used after you've connected it to a debit or prepaid credit card. Unlike a traditional credit card, you're not borrowing the money you spend. Instead, you're paying with your own money. It’s very similar to Venmo in the sense that it's a peer-to-peer payment service where you can send and receive money through the iMessage app.

You can use Apple Cash to send money to friends, people you buy stuff from on marketplaces, shop online, in stores, and anywhere that accepts Apple Pay. While Apple Pay has made payments easier, and faster, the convenience and ease of it is what makes it susceptible to cybercriminals trying to scam people out of their hard-earned cash.

Apple Pay scams

In 2021, Apple Pay was 6th on the list of  ‘top payment methods’ used by scammers for fraud, with 21% linked to the online wallet. The numbers continue to grow as a  2022 NICE Actimize Fraud Insight Report , found that 61% of attempted fraud attacks come through mobile apps like Apple Pay and Google Wallet. This is a big issue, and concern as criminals are abusing Apple Pay and other contactless payment systems to go on spending sprees with stolen credit and debit card numbers.

The sad part is that most consumers don’t realize that once money leaves a mobile wallet, there are few ways to get it back. Neither Apple Pay nor Apple Cash offer buyer protection, so Apple is not responsible for any scams pulled off through the wallet. Yikes.

How safe is your digital wallet?

Protect yourself from Apple Pay scams & other online threats. Start your free 7-day trial today.

Apple pay scams you need to watch out for

1. Bot scams

We’ve talked about using  Two Factor Authentication (2FA) to secure your accounts before, but as a quick reminder - 2FA adds a layer of protection by requesting an extra code whenever logging into an account. I hope you’re sitting down for this next one, because this scam is really next level. Get this, hackers use bots to automatically  call your phone number and trick you into handing over your Apple Pay 2FA codes. Because a bot is basically software that runs automated tasks over the internet, it has the ability to call thousands of people. Giving hackers infinate chances to reach a large amount of people, in a short amount of time. The irony of using your extra security measure to trick you out of cash sounds like a crazy sci-fi flick, right? Sadly it’s real!

Cybercriminals enter stolen or leaked credit card credentials into Apple Pay, then use bots to acquire the authentication codes sent out. The bots are programmed to automatically call and trick people into handing over their multi-factor authentication codes. Once they have the 2FA, cybercriminals basically have access to your Apple Pay account and can go on a shopping spree at your expense.

2. Apple Pay text scam (smishing)

Apple really goes out of its way to contact customers directly via text, sounds reliable, right? Wrong, Apple will never contact you directly via text. But you know who will? Scammers. If you ever receive a text message from Apple, it’s probably a  smishing attempt. The message may claim that “Your apple pay has been suspended please update details via: mywallet-redeem-info.com”. Guess what happens when you press the link? Yep, you guessed it, you’ll be taken to a fake Apple Pay website designed to steal your credit card and personal information.
Apple Pay Scam Text

3. Apple Pay phishing scams

Similar to the smishing attacks we mentioned above,  phishing scams operate pretty much the same, but instead of an SMS, you’ll receive an email. The emails can have different messages, but they all convey that there’s a problem with your account and prompt you to click a link to fix it. Once you press the link you’ll be redirected to a fake Apple Pay website, where you’ll be asked to either enter your account details or credit card information… I think you can guess what happens next. Details are stolen and either sold on the  dark web or used to steal your cash and in some extreme cases  even your identity.

4. Overpayment marketplace scams

In our growing consumeristic world sometimes selling something in a second-hand market can not only make you money but also give you some good karma - as you sell something that otherwise would go to the dump. Sadly, scammers are everywhere, including Craigslist, Facebook Marketplace, and other second-hand markets.

Let’s say you want to get rid of that old snowboard that’s been sitting in your garage for the past two years. You put an ad online on Craigslist or Facebook Marketplace. After a few hours, Amy contacts you via Facebook, email, or text, depending on where you posted the ad. Amy says she’s interested in buying the snowboard, and asks when she can pick it up. She really needs the board for the weekend as there’s supposed to be a major snow dump and she wants to  “shred the gnar”. You tell her that she can come anytime, and she says she wants to send you the money right away, to make sure you don’t sell it to anyone else.

Sounds great, right? Your board can go to someone who’ll really use it, you get some extra cash and more space in your garage. Win-win. Amy sends you the payment via Apple Cash. The only problem is, that they overpaid, oops. Instead of sending you $200 for the board, she sent $500. She apologizes, and you think to yourself, Ok, mistakes happen, and because you’re a chill ex-snowboarder, you tell her that “it’s all good”, and you’ll send her back the balance of $300. This is where things go sour, enter suspenseful music…

This is actually a multi-layer scam, what’s really happening behind the scenes is that Amy is a scammer that used stolen credit card details to make the original payment. When you send them the $300, they’ll disappear with your cash. If you’re thinking to yourself, but wait they sent me $500, so I still have the money, your wrong. Because when the true card owner files a dispute, the credit card issuer will reimburse them (from your account), and you’ll lose both the money for the snowboard and the amount you “refunded” the scammer.

5. Public Wi-Fi network hacks

Hackers can intercept your data while you’re out using public Wi-Fi networks using a  man-in-the-middle (MiTM) attack. For example, let’s say you’re sitting in a cafe, reading a book while sipping an oat milk late, and using the cafe's Wi-Fi (public Wi-Fi). You then decide to enter your credit card information into Apple Pay, this is where things get sketchy as a hacker could potentially steal your information and use it for financial fraud. The scammers can even create devices that look like payment terminals and trick you into giving them access to your Apple Pay account.

How to Avoid Getting Scammed on Apple Pay

While Apple Pay is quite secure, it can still be vulnerable to hackers. To avoid being scammed on Apple Pay, follow these  best practices
  1. It’s always good to add an extra layer of protection to your online accounts. Apple offers a bunch of ways to protect your account like  2FA , face ID, and touch ID. Utilize them and remember to never give out information like your 2FA codes or passwords to strangers. There is no way that a legitimate customer support agent would ever ask for that information.
  2. Make sure you check your Apple Pay transactions regularly. You can see all of your  recent transactions in the Wallet app. Report an issue to Apple, if you see anything suspicious.

  3. Avoid sending money for items you haven't received. If you pay upfront but don't receive the item, getting a refund may become difficult. When buying something, such as concert tickets or furniture, refrain from sending payment until you receive the item. Be cautious when making purchases on online marketplaces, especially if the seller requests payment through Apple Cash or any method outside of the platform, as it may pose additional risks.

  4. If someone "accidentally" sends you way too much money, be really careful. Don't refund it to a different payment platform than the one used for the original transaction. Always wait for the payment to clear before sending out any products or giving refunds. Better safe than sorry!

  5. Don’t add cards to your Apple Pay while connected to public Wi-Fi. Using Apple Pay on public Wi-Fi networks can expose you to potential hacking risks.

  6. If you ever lose your phone, utilize the  Find My iPhone app right away and set up Lost Mode through the app, this will make sure that cybercriminals won’t be able to access Apple Pay on your lost device.

  7. Be cautious and avoid clicking on links from text messages or emails that claim there’s an issue with your account. Remember, don’t give away any personal information in response to these links. If you receive a suspicious email or SMS text message that looks like it's supposed to be from Apple, forward it to reportphishing@apple.com.

How safe is your digital wallet?

Protect yourself from Apple Pay scams & other online threats. Start your free 7-day trial today.

  1. Link a credit card instead of a debit card to your Apple Pay. While they’re both supported by Apple Pay, credit cards usually offer greater protection.

  2. Unrecognized payment requests should be treated as junk and reported. If you receive a payment request from an unfamiliar number, tap "Report Junk" and block the contact. If the payment was sent by someone you know, ask them a personal question, to verify they are who they say they are. Let’s face it, sometimes you’ll need to send money to strangers, but try to limit Apple Cash transactions to people you know and trust.

How to get money back from Apple Pay if scammed

If you do find yourself being scammed, there are a few things you can do to try and recover your money and protect your account. The recovery process varies slightly depending on whether the scam occurred through Apple Pay or Apple Cash.

Apple Pay scams

If you've mistakenly sent money to a scammer via Apple Pay, you can dispute the transaction in the Wallet app by accessing the Latest Transaction section. But if your asking yourself does apple pay refund money if I get scammed, sadly the answer is no. That's why it's important to act fast and contact your bank to tell them about the scam immediately. They can freeze your card and take you through the necessary steps to deal with the situation effectively.

Don't forget to change your passwords. Make sure you enable two-factor authentication (2FA), and use  online security tools as an added layer of protection for your accounts.

Apple Cash scams

Unfortunately, Apple Cash payments don’t have buyer protection, as it’s intended as a peer-to-peer money transfer service. If you authorize a transaction on Apple Cash that turns out to be fraudulent, it’s very difficult to get your money back. With that being said, if the scammer hasn’t accepted the payment yet, you still have a chance. Find your latest conversation with them in iMessage → select Payment. Then go to the Wallet app and click Latest Transaction. If the Cancel the Payment option is still there, you can use it. If not, it’s too late and Apple won’t give you a refund.

Protect Your Finances & don't fall for Apple Pay scams

Apple has revolutionized digital payments and provided us with unprecedented convenience, but they’ve also attracted cybercriminals looking to exploit unsuspecting Apple Pay users. From bot scams to smishing attempts, and public Wi-Fi hacks, scammers will stop at nothing to hack accounts and make bank.

Be cautious whenever using Apple Pay and take proactive measures like using 2FA, face ID, and touch ID. Monitor your transactions regularly, and avoid sharing personal or financial information with strangers.

It’s time we outsmart scammers and enjoy the benefits of Apple Pay and Apple Cash securely.

Make sure your finances and payments are safe

Protect yourself from Apple Pay scams & other online threats. Start your free 7-day trial today.

Be the first to know!

Subscribe to our exclusive mailing list and get the freshest stories from the Guardio team

You may also like

How to spot deepfake and ad fraud

How to spot deepfake and ad fraud

May 7th · 10 min read

How to avoid pig butchering scams

How to avoid pig butchering scams

May 4th · 9 min read

Highway to hell: Toll SMS phishing scams

Highway to hell: Toll SMS phishing scams

April 17th · 6 min read