All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Apple is urging iPhone and iPad users to be skeptical of unexpected FaceTime calls after cybersecurity reports uncovered a phishing scam that uses live video calls to impersonate banks and Apple Support.[1]
According to researchers at Malwarebytes, the scam begins with an urgent text message claiming there's suspicious activity on the victim's account.[2] Shortly afterward, the victim receives an unsolicited FaceTime call from someone claiming to represent their bank or Apple Support. The goal is to convince the victim to hand over sensitive information that can be used to access financial accounts or take control of their devices.
Why scammers want your credentials
Apple says it won't contact you this way
How to protect yourself
How the FaceTime phishing scam works
Unlike many phishing attacks that rely solely on fake emails or text messages, this scam unfolds over multiple steps designed to appear legitimate.
Victims typically receive a text message warning about supposed unauthorized transactions, account problems, or other urgent security issues. Soon after, scammers place a FaceTime call, posing as customer support representatives.
Once connected, the caller attempts to create a sense of urgency by claiming immediate action is needed to secure the victim's account. They may ask the victim to:
- Confirm debit or credit card numbers
- Provide online banking usernames or passwords
- Share Apple Account (formerly Apple ID) credentials
- Read aloud one-time verification codes sent by text
- Share their screen
- Install remote-access software that allows attackers to control the device remotely
Because the interaction happens over a live video call, some victims may be more likely to trust the caller than they would an unexpected email or text message.
Why scammers want your credentials
The information requested during these calls can give criminals access to far more than a single account.
For example, one-time verification codes are commonly used as part of multi-factor authentication (MFA), an additional security layer that requires users to verify their identity when signing in. While MFA helps protect accounts, it can be defeated if a victim voluntarily shares the verification code with a scammer.
Similarly, installing remote-access software or sharing a device's screen can allow attackers to observe passwords being entered, access sensitive information, or perform actions on the victim's behalf.
Apple says it won't contact you this way
Apple warns that scammers frequently impersonate trusted organizations, including Apple itself, to pressure people into revealing sensitive information.
“Scammers use any means they can to trick you into sharing information or giving them money,” Apple wrote on its support page.
According to Apple's guidance, users should be suspicious of unsolicited phone calls, FaceTime calls, emails, or text messages that:
- Claim there's an urgent problem with an account
- Ask for passwords or verification codes
- Request personal or financial information
- Instruct users to install software
- Ask users to disable security features or share their screen
Apple says it will never ask customers to provide passwords, device passcodes, security codes, or other sensitive account information during an unsolicited support interaction.
How to protect yourself
If you receive an unexpected FaceTime call claiming to be from your bank or Apple Support, security experts recommend ending the call immediately.
To help protect yourself:
- Contact your bank using the phone number printed on the back of your debit or credit card, not a number provided by the caller.
- If someone claims to be from Apple, contact Apple directly through its official Support app or website.
- Never share passwords, one-time verification codes, or multi-factor authentication codes with anyone who contacts you unexpectedly.
- Never install software or grant remote access to your device at the request of an unsolicited caller.
- Avoid screen sharing with anyone claiming to be from your bank or Apple Support unless you initiated the support session through official channels.
- Keep your iPhone or iPad updated to the latest version of iOS or iPadOS to ensure known security vulnerabilities are patched.
“If you receive a suspicious FaceTime call (for example, from what looks like a bank or financial institution), email a screenshot of the call information to reportfacetimefraud@apple.com,” Apple wrote. “You can report scam phone calls to the Federal Trade Commission (U.S. only) at reportfraud.ftc.gov or to your local law enforcement agency.”