Types of Apple Pay Scams and How to Spot Them

Sophia Taylor

By Sophia Taylor

Updated:

What Is Apple Pay and Why Do Scammers Use It?

Apple Pay is a digital wallet and a contactless payment technology that allows you to use your phone to make payments.

For many people, it’s become a convenient way to speed up the payment process in stores by simply tapping their phone on the card reader.

And with reports suggesting that 75% of Apple users have activated Apple Pay, it’s fast becoming the default method of payment for consumers.

However, an increase in popularity means an increase in scammers trying to commit fraudulent purchases. Apple Pay is a particularly good target for scammers since it is very difficult for victims of these scams to get their money back.

This is partly because the service does not offer buyer protection, so users are not protected in the same way they would be if their bank accounts were hacked.

In this article, we’ll take a look at Apple Pay scams in more detail and explain how you can protect your iPhone from potential security breaches.

Protect your iPhone from scammers

Download Certo Mobile Security for free to help protect your iPhone against cyber-attacks.

How Does Apple Pay Work?

Apple users can set up an Apple Pay account by linking it to a credit or debit card.

Apple Pay can be used anywhere you see an Apple Pay logo. You can pay by simply opening your Apple wallet, selecting the linked card, and tapping it on the card reader.

If you have biometric recognition (Face ID or Touch ID) set up on your phone, you can use this to verify the payment.

Although the obvious difference between using Apple Pay and paying with a card is that you don’t use the physical card with Apple Pay, there are some important differences happening behind the scenes.

When you pay with a bank card, your bank details are shared with the merchant.

But when you use Apple Pay, Apple encrypts the transaction. This means that your bank details are never shared with the merchant or stored on Apple’s servers, which makes it more difficult for hackers to access them.

Other payment processing apps that are similar to Apple Pay include Google Pay, PayPal, and Venmo—but with Apple Pay accounting for almost half of all digital wallet purchases, it has the lion’s share of the market.

Is Apple Pay Safe and Secure for Online Purchases?

Is Apple Pay Safe and Secure for Online Purchases

Since your card details are not stored on Apple’s servers, it’s particularly difficult for hackers to use Apple Pay to scam you.

Apple is renowned for prioritizing their users’ privacy and security, and Apple Pay has a number of features designed to protect you from being scammed or hacked.

Let’s take a look at some of these features in more detail.

Advanced layers of authentication

Apple Pay uses biometric recognition to make sure that you are the only person who can authorize payments.

Before you make a payment using Apple Pay, you’ll be asked to use FaceID or Touch ID (fingerprint) to approve it. If you haven’t enabled these features on your iPhone, you’ll need to enter a passcode.

If your phone gets stolen, this level of security makes it very difficult for others to access your phone or use it to make purchases.

Tokenization

“Tokenization” refers to the process that Apple uses to protect your card details.

Instead of storing and sharing your card details such as card number, expiration date, and CVV code with merchants, Apple creates a unique passcode, or “token,” that can only be used once.

This ensures that your card details are kept secure and Apple doesn’t store them on your device or in the iCloud, either.

If a hacker does manage to intercept the one-time passcode or “token,” they won’t be able to use it to access your money.

Find My iPhone

If your Apple device is lost or stolen, you can use the Find My iPhone app to temporarily freeze your Apple Pay account so that no one can use it to make fraudulent purchases.

This smart feature gives Apple Pay users peace of mind that their personal information is still secure even if their phone is compromised.

How Can You Get Scammed with Apple Pay?

Although Apple Pay has advanced security features to protect its users, it’s unfortunately still possible for scammers to trick you. Below we list the most common Apple pay scams.

Phishing

Phishing scams are those that “fish” for personal information and bank details under the guise of being genuine.

Common phishing scams include text messages or emails inviting you to claim a prize or a refund that you are owed.

The recipient is usually asked to follow a link to input sensitive information, which hackers can then use to make fraudulent purchases.

In a recent Apple Pay phishing scam, users received a message saying that Apple Pay had been suspended on their device. The message included a link to a fake Apple Pay website, inviting people to input their card details again to reactivate their account. In reality, those card details were being used to commit fraud.

Online marketplace scams

Online marketplace scams

If you’re selling items via online marketplaces like Facebook Marketplace or Craigslist, be cautious about who you’re selling to.

Hackers sometimes connect stolen credit cards to an Apple Pay account and use them to buy expensive items on online marketplaces where unsuspecting sellers might not know what to look out for.

Once the rightful owner of the card has noticed the transaction and raised a dispute, the fraudulent transaction comes as a nasty shock to the seller—who loses both the product they sold and the money they expected to receive.

Since Apple Pay doesn’t offer buyer protection, it can be very difficult to get your money back in these situations.

Unsecured Wi-Fi

While convenient, public Wi-Fi networks are vulnerable to “man-in-the-middle” (MiTM) attacks, where hackers intercept your data.

This means that entering sensitive information, like your Apple Pay details, while on public Wi-Fi could expose you to financial fraud.

Even more alarmingly, scammers can create fake payment terminals to trick you into giving them access to your Apple Pay account.

ℹ️ How to protect yourself:

  • Avoid sensitive transactions on public Wi-Fi: Don’t make changes to your Apple Pay account or enter credit card information on public networks.
  • Use a VPN: If you must access your Apple Pay account on public Wi-Fi, consider using a Virtual Private Network (VPN) like NordVPN to encrypt your data and enhance security.

Fake lottery or sweepstakes scams

Some scammers try to convince people that they have won a prize, a lottery, or a sweepstake from Apple.

The messages usually come with a link directing you to a fake Apple Pay website, where you’ll be invited to fill in personal details that match your Apple Pay account to claim your prize.

But in reality, the scammer can use the information you provide to try to steal money from your Apple wallet.

ℹ️ How to protect yourself:

Always exercise caution when clicking links in unsolicited texts or emails.

Once on the website, verify its legitimacy by checking for the padlock symbol in the address bar, indicating a secure connection.

Additionally, confirm that the website is using the official “Apple.com” domain and displays a valid SSL certificate to safeguard your Apple Pay information.

Overpayment scams

This type of scam can occur when you’re trying to sell something online, on Facebook Marketplace or Craigslist for example.

The fraudster will message you about an item you’re selling, and you’ll agree to a price. Then they’ll buy the item, but send you too much money “by accident.” They’ll ask you to refund them the difference using Apple Cash or another digital wallet like Cash app, PayPal or Venmo.

What really happened though is that the buyer used stolen credit card details to make the original payment.

When the true owner of the card realizes that they have been scammed and raises a dispute, you’ll lose the product you sold, the original payment you received, and the amount you refunded to the scammer.

ℹ️ How to protect yourself:

Exercise caution if someone overpays you, claiming it was a mistake. Never send refunds through a different platform than the original transaction, and always wait for the initial payment to fully clear before sending any goods or refunds.

Unsolicited payments or requests

Scammers may also try to target you by sending you payments, or requests for payment, on Apple Cash. Apple Cash is built into the Wallet app on iPhones, and is designed to let you send and receive money with people you know.

If you receive money you weren’t expecting via Apple Cash, it’s probably a scammer using stolen credit card details. If you accept the payment, the scammer will likely contact you and ask you for a refund.

Sometimes they’ll tell you that you can keep some of the money as a kind of reward, but when the real card owner then files a dispute, the money will be withdrawn from your account.

Similarly, be very wary of unexpected payment requests via Apple Cash. Scammers will often pretend to be a trusted company, like Netflix or Spotify, to try to get you to send them money.

The fact that neither of these companies accepts Apple Pay should be a huge red flag. The bottom line is that if you receive a payment or a request for payment that you weren’t expecting, it’s probably a scam.

ℹ️ How to protect yourself:

Avoid sending money to strangers. Verify payment requests from companies through official channels. A government agency or legitimate businesses won’t ask for payment via Apple Cash, Venmo, or Zelle.

Bots stealing your two-factor authentication (2FA) codes

Hackers are now using automated bots to call your phone and trick you into telling them your Apple Pay 2FA codes.

A 2FA code is a passcode you receive, often by text message, after you’ve logged into your Apple Pay account using your password.

This two-factor authentication method is designed to make it harder for criminals to hack into your phone. However, if you unwittingly give them access to your 2FA code, they will be able to access your Apple Pay account and use it to make fraudulent purchases.

ℹ️ How to protect yourself:

Keep your 2FA codes secret! Don’t share them over the phone, in texts, on social media, or through email. Remember, trustworthy companies won’t ask for them. If someone does, they’re likely trying to scam you.

Run a FREE security scan

The award-winning Certo Mobile Security can quickly check your iPhone for security threats that could put your data at risk.

What to Do If You Are Scammed on Apple Pay or Apple Cash

In the unfortunate event that you do get scammed, there are a few things you can do to try to recover your money and protect your account.

However, the process is a little different depending on whether you were scammed via Apple Pay or Apple Cash.

Apple Cash scams

Apple Cash payments do not include buyer protection, since it’s designed to be a peer-to-peer money transfer service to be used between friends and family.

If you authorize a transaction on Apple Cash that turns out to be fraudulent, it’s very difficult to get your money back.

However, if the scammer has not yet accepted the payment you still have a chance:

  1. Find your conversation with the scammer in iMessage, and select Payment.
  2. Go to the Wallet app and click Latest Transaction.
  3. If the Cancel Payment option is still there, you can use it. If not, it’s too late and Apple will not refund you.

Apple Pay scams

If you used Apple Pay to send money to a scammer or a fraudulent account, you can dispute the transaction in the Wallet app, under Latest Transaction.

You should also contact your bank to tell them you’ve been a victim of a scam. They can freeze your card and advise you about the next steps. Also report the suspected scam to Apple Support immediately.

Make sure you change your passwords, too, and enable 2FA authentication if you haven’t done so already.

How to Avoid Getting Scammed on Apple Pay

Apple Pay is convenient, but staying vigilant is key to preventing scams. Here’s what you can do:

Essential security practices

  • Trust Your Gut: If a payment request feels suspicious, don’t send money. It’s better to be safe than sorry.
  • Verify, Then Pay: Always confirm the recipient’s identity and payment details before authorizing any transaction. If a deal seems too good to be true, it probably is.
  • Secure Your Accounts: Protect your Apple Pay transactions by securing your accounts. Start by using strong, unique passwords for your Apple ID and any linked financial accounts. Add an extra layer of security with two-factor authentication (2FA), making it much harder for unauthorized persons to gain access. Finally, take advantage of biometric security features like Face ID or Touch ID, offering a convenient and secure way to authorize payments.
  • Beware of public Wi-Fi: Avoid using public Wi-Fi networks for sensitive transactions. If you must, use a VPN to encrypt your data.
  • Update your software: Keep your iOS devices and the Wallet app up-to-date with the latest security patches.

Specific Apple Pay precautions

  • Treat Apple Cash like cash: Treat Apple Cash transactions with the same caution you would use for physical money. Avoid sending it to strangers or for unfamiliar purchases.
  • Be wary of phishing: Watch out for suspicious emails, texts, or calls claiming to be from Apple. Legitimate communication from Apple will never ask for your personal information or passwords.
  • Use a credit card: When possible, use a credit card instead of a debit card with Apple Pay. Credit cards typically offer better fraud protection.
  • Manually accept payments: Disable automatic acceptance of Apple Cash payments to prevent unauthorized transactions. You can do this in your Wallet & Apple Pay settings.
  • Monitor your accounts: Regularly review your Apple Pay transaction history and bank statements for any unauthorized activity.

Get Peace of Mind with Certo Mobile Security

Apple Pay scams are becoming more and more prevalent. If you’re an iPhone user, you need to remain vigilant and secure your device against potential attacks.

One of the best ways to protect your iPhone against Apple Pay scams is by using an app like Certo Mobile Security.

Our easy-to-use app has a handy security and privacy checklist that you can use to make sure your device is as secure as possible.

Download it for free today and start protecting your device now.

App Store


Frequently Asked Questions (FAQs)

Are there Apple Pay scams?

Yes, it’s possible to be scammed via Apple Pay. If a hacker is able to gain access to your personal details, they may be able to access your account and make fraudulent payments.

Can I get my money back from Apple Pay if I get scammed?

In some circumstances it may be possible to get money back from an Apple Pay scam, although it’s not guaranteed.

If you used Apple Pay to send money to a scammer or a fraudulent account, you can dispute the transaction in the Wallet app, under Latest Transaction.

Can money be stolen from Apple Pay?

Yes, if someone is able to access your Apple Pay account they will be able to spend your money on fraudulent purchases.