Fake Apple ID account locked credential phishing — non-official sender impersonates Apple claiming the recipient's Apple ID, iCloud account, or Apple account has been locked, suspended, or disabled due to suspicious activity or an unauthorized sign-in attempt, directing them to verify credentials or click a link to restore access through a phishing portal

Phishing emails impersonating Apple claiming the recipient's Apple ID, iCloud account, or Apple Account has been locked, suspended, or disabled due to suspicious activity, an unauthorized sign-in attempt, or a security violation — and directing them to click a link to verify their identity, enter their Apple ID password, or confirm their payment information through a phishing portal. Apple ID credentials give attackers access to iCloud backups (photos, documents, passwords), Apple Pay, the App Store, and Find My iPhone. Key facts: (1) Apple is the #1 most-impersonated brand in phishing emails globally (APWG, Kaspersky 2024); Apple ID phishing campaigns are active year-round with surges during new iPhone/iOS release cycles; (2) Apple never sends unsolicited emails demanding account verification through a link — all legitimate Apple ID security alerts direct users to appleid.apple.com directly, not through a clickable hyperlink in the email body; (3) Apple ID phishing portals precisely replicate apple.com design, including Apple's Myriad Pro font, signature gradient backgrounds, and the Apple logo — making them visually indistinguishable from real Apple pages; (4) The "account will be permanently deleted in 24 hours" threat is false — Apple does not delete accounts on a 24-hour basis. Warning signs: sender domain not matching apple.com or icloud.com, urgency about account deletion timeline, link to verify Apple ID outside of appleid.apple.com, request for password or payment card details.