Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

erronis

(25,208 posts)
Sat Jul 11, 2026, 12:15 PM 23 hrs ago

How a Stranger Used One Text Message to Steal My Entire Digital Life -- Time

https://time.com/article/2026/07/07/how-a-stranger-used-one-text-message-to-steal-my-entire-digital-life/
by Ryan Pettit
Ryan Pettit is a Hawai'i-based commercial airline pilot with a background in information technology.

Consider, for a moment, the architecture of your own life. The photographs of your children. The passwords to your bank. The device in your pocket that pays for your coffee, unlocks your front door, and holds the second factor that guards everything else. Now ask a harder question: how many separate keys protect all of it, and how many of those keys are, in truth, the same key?

For most of us, the honest answer is one. One account sits beneath the others: an Apple ID, a Google login, a phone number that every "forgot password" link routes back to. We would never accept this design anywhere else.

I'm a pilot. No aircraft I have ever flown is permitted a single point of failure: every critical system carries a backup, and often a backup for the backup, so that no single fault can bring the plane down. Redundancy is the first principle of any system that cannot be allowed to fail. And yet millions of people carry their entire financial and personal identity on exactly one such lock, and think nothing of it.

On the afternoon of June 25, 2026, I learned what happens when the lock turns in a stranger's hand. It began, as these things now do, with a text message. It looked entirely official: a fraud alert about a possible unauthorized charge on my Goldman Sachs Apple Card, the credit card tied to my Apple ID. The message asked only that I reply "yes" or "no" to confirm the transaction. This is a routine, familiar request, the kind your bank sends all the time. I replied no.

A few minutes later, my phone rang. The number, the FBI would later confirm, belonged to the genuine Apple Card support line. It had been spoofed so precisely that the messages accompanying the call arrived in the same gray bubbles, with the same Apple logo, that only real Apple support uses in iMessage. Everything my eyes could check told me this was Apple. The man on the line said he was going to send a code to verify my identity, and that I should read it back to him. It is a request that feels routine in the moment, though I now know that no legitimate institution should ever make it.

. . .
45 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
How a Stranger Used One Text Message to Steal My Entire Digital Life -- Time (Original Post) erronis 23 hrs ago OP
Wow, that is scary hauckeye 23 hrs ago #1
I find people are more vulnerable when they are scammed on mobile devices. LeftInTX 22 hrs ago #2
well, that was horrifying UpInArms 22 hrs ago #3
"Windows 7"??? PatSeg 21 hrs ago #10
windows 7-11. LOL reACTIONary 21 hrs ago #16
I still have a Windows 7 computer also FoxNewsSucks 20 hrs ago #22
Whoa, I didn't know you could still get updates PatSeg 16 hrs ago #41
This scam isn't dependent on the operating system. Windows, Mac, iOS, Linux, whatever. erronis 19 hrs ago #29
This is the key: Never take an inbound call from a financial company. Ms. Toad 22 hrs ago #4
So if you are traveling and spend a decent amount of $ at a city far from where you are 99% of the time AZJonnie 22 hrs ago #6
My Credit Union asks me to call them directly whenever I get a fraud alert. paleotn 21 hrs ago #11
Good advice Randomthought 21 hrs ago #14
Right. And don't click on any links in the text message (or emails!) erronis 19 hrs ago #31
Yes, I would (and have repeatedly refused). Ms. Toad 20 hrs ago #17
I'm not quite sure I follow the logic on this piece AZJonnie 19 hrs ago #25
And how do you know they did not call the 5, be 10, ?? other phones that were in the area Ms. Toad 16 hrs ago #42
How did they fake the credit card terminal coming back and saying "declined"? AZJonnie 7 hrs ago #44
The store may be in on it. Ms. Toad 3 hrs ago #45
Did you read the article? BWdem4life 20 hrs ago #20
They've got the con down pat. Progressive dog 22 hrs ago #5
Oh wow, that poor Pilot guy! Cha 21 hrs ago #7
"To catch a thief" - Hitchcock. We don't live in that world any more. There are thousands of thieves erronis 18 hrs ago #32
I have an Apple ID Bev54 21 hrs ago #8
My daughter and I were talking about our smartphones PatSeg 21 hrs ago #9
I never reply to text of that ilk. BeneteauBum 21 hrs ago #12
Good Info, thanks for posting BunnyMcGee 21 hrs ago #13
Kick dalton99a 21 hrs ago #15
This is why I love my old flip-phone JoseBalow 20 hrs ago #18
Thanks for the head's up xuplate 20 hrs ago #19
This exploit was from 4 years ago. Sector 001 20 hrs ago #21
As if in a nuclear event access to Apple products is essential. marble falls 19 hrs ago #30
I, too, have been getting suspicous calls and texts. Dem_in_Nebr. 20 hrs ago #23
I had an episode not this serious but enough for me three years ago. I dealt with it and even hlthe2b 20 hrs ago #24
I recommend running a VPN on your phone for all WiFi connections - even on a protected network. erronis 18 hrs ago #33
Yes... I have preached that for the past 18 months... Not all listen, however... hlthe2b 17 hrs ago #38
Great info in this thread, thanks erronis and replies.. Permanut 19 hrs ago #26
Just had a discussion with my kids about this NeoTrajan 19 hrs ago #27
Excellent ideas. Thank you. erronis 18 hrs ago #34
That's basically what I told my husband Tree Lady 16 hrs ago #40
Trust no one whose throat you cannot get your hands around. marble falls 19 hrs ago #28
Things I never do in this age of thievery. GoodRaisin 18 hrs ago #35
I wish I knew what was meant by this part of the article AZJonnie 17 hrs ago #36
That mystified me also, but you worded it well. It does seem something is missing. erronis 17 hrs ago #37
I think what they're referring to (and like you, I struggled getting through the article) Abolishinist 16 hrs ago #43
This is exactly what happened to us in Oct 2025. LtTx 16 hrs ago #39

LeftInTX

(35,223 posts)
2. I find people are more vulnerable when they are scammed on mobile devices.
Sat Jul 11, 2026, 12:35 PM
22 hrs ago

It's much harder to verify phishing emails on my phone. One time, I clicked a link. It asked for a password to login. I'm like, "Why are they asking for a password? Why do I need to login? I'm already logged in". So I didn't give it. Crisis averted.

The message was from Facebook, saying they were gonna remove my business page for some reason. Once they had my password, who knows what they could have done.

When I got on my computer, I could see that messsage actually came from sketchy email address/account. I could not "see" that on my phone.

This guy was traveling. He's vulnerable, he's trying to multi-task and get on a plane. He doesn't have time to verifty this or that....

I get those scam texts also.

UpInArms

(55,715 posts)
3. well, that was horrifying
Sat Jul 11, 2026, 12:41 PM
22 hrs ago

I think I am too stupid to have a single device that knows everything about me

I am sprawled all over the house ... an ipad ... a cellphone ... a laptop running windows 7

there is not one place that has all my passwords except a book that I cut out the interior to form a box where I keep all my stuff written down

FoxNewsSucks

(12,034 posts)
22. I still have a Windows 7 computer also
Sat Jul 11, 2026, 03:04 PM
20 hrs ago

I use it to store and organize my digital videos. It's connected to the "guest" wifi, and I don't use it for anything else. But it does work just fine and from time to time still gets an update.

PatSeg

(54,255 posts)
41. Whoa, I didn't know you could still get updates
Sat Jul 11, 2026, 06:59 PM
16 hrs ago

Very interesting, especially considering all the urgent messages over the years warning people to update their operating systems by a certain date because updates would not longer be available.

erronis

(25,208 posts)
29. This scam isn't dependent on the operating system. Windows, Mac, iOS, Linux, whatever.
Sat Jul 11, 2026, 04:28 PM
19 hrs ago

They aren't trying to take over your machine, PC, Mac, laptop, phone. They want access to your authentication tokens (login, password, multi-factor text message, etc.) and from there they can start to raid your online accounts. They usually already have enough information on you personally (name, address, phone#s, emails, sometimes SSN) so just a little more info from you directly can help them close the loops.

Ms. Toad

(38,979 posts)
4. This is the key: Never take an inbound call from a financial company.
Sat Jul 11, 2026, 12:50 PM
22 hrs ago

I am amazed at how many people treat inbound calls and texts as legitimate. If I didn't initiate it, there is no way I am providing any information.

I am also amazed at how many credit card companies use unsolicited class to confirm suspected fraud. I have had my credit cards shut off because I refuse to confirm (or deny) recent purchases when they call me our of the blue. It is ridiculous to expect a response to particularized financial questions asked in an unsolicited call. I tell them that, hang up, call the number on the back of the cad - and if it was a legitimate call, I read them the riot act for using a business model that counts on me being fiscally irresponsible.

AZJonnie

(4,285 posts)
6. So if you are traveling and spend a decent amount of $ at a city far from where you are 99% of the time
Sat Jul 11, 2026, 01:21 PM
22 hrs ago

And it appears legit and says "Did you just spend $857.38 at Far Flung Trading Company" and you know you did, like 10 seconds earlier, and the purchase was declined, and it makes sense this might trigger the credit card company to flag the purchase (as in this case), you refuse to reply to it, on the premise that it would be fiscally irresponsible to do so? I'm trying to reckon "how so"? Even if it was fake, what is the risk? Not saying you're wrong about it, I'm trying to see if there's something I've missed/not thought about?

About a year ago someone leveraged my Playstation Plus account to buy a bunch of games totaling over $300 and I got a fraud alert and said "No, I did not" and it was all legit (someone really had gotten hold of my password or some such), and soon after got my money (which IIRC was only on hold, not actually charged IIRC) back.

I guess what I mean is apart from the fact you'd be letting a marketer know that this phone number links to a real person, what is the 'exposure' involved in simply affirming or denying a purchase in an amount at a place? What am I missing?

paleotn

(23,261 posts)
11. My Credit Union asks me to call them directly whenever I get a fraud alert.
Sat Jul 11, 2026, 01:59 PM
21 hrs ago

No call back to the number that left the message. No response to a text. I just call the fraud line directly during their operating hours and they take care of it from there.

It seems with all the seamlessness of one google sign in or Apple ID, both have created a single point of failure. Get that info, which apparently isn't hard to do, and they've got the keys to the literal kingdom. My credit union short circuits all that. Plus asks me about 50 questions my better half doesn't even know all the answers to.

Randomthought

(1,098 posts)
14. Good advice
Sat Jul 11, 2026, 02:15 PM
21 hrs ago

Never call number in text or email. Look up the number of bank orcrdit card company yourself.

Ms. Toad

(38,979 posts)
17. Yes, I would (and have repeatedly refused).
Sat Jul 11, 2026, 02:42 PM
20 hrs ago

Any unsolicited call about financial information. Should be declined. Flip your card over and call the number in the back of the card. Anything that can be resolved by phone you can resolve with a call you initiate.

That way you know you are speaking with someone you have agreed to have a financial relationship with - not someone who randomly got some information about you and is seeking more, in order to perpetrate a fraud.

I don't know the details of everything that can go wrong, but phone numbers and credit cards can both be skimmed, so confirming that whoever is calling has reached a person who is connected to a specific active credit card at a specific phone number helps them build a financial profile connected to you. The more information they have, the easier it is to effectively perpetrate a fraud.

And most of the credit card calls are, unfortunately, legitimate - so they are training people to give, or confirm, financial information to unknown, unsolicited callers. The only way for you to confirm who you are talking to, is for you to initiate the call.

AZJonnie

(4,285 posts)
25. I'm not quite sure I follow the logic on this piece
Sat Jul 11, 2026, 03:40 PM
19 hrs ago

"confirming that whoever is calling has reached a person who is connected to a specific active credit card at a specific phone number helps them build a financial profile connected to you"

In the specific case I described (which is by far the most common instance in which I receive fraud alerts regarding accounts I know are actually mine), the (possible) fraudsters are calling/texting you regarding a credit card purchase you know you actually attempted to make. Which means they *already know* that the phone number and credit card are linked. Therefore, somebody replying 'yes, I attempted to make this purchase' doesn't tell them anything more than what they already know, except that, at least at times, someone or something will reply from this particular phone number. It does not establish that they've reached a person who is connected to the card.

I guess what I'm saying is I absolutely get the logic of not responding to fraud alerts where you know you did NOT make/attempt to make a purchase (obviously especially true when you don't even have such an account). But if you are trying to make a purchase, the merchant says it was declined, and 10 seconds later you get a text that seems to be from your bank saying "did you attempt to make this purchase" and it's the correct card, amount and place you are at, I cannot grok the risk in replying "yes", in order to allow your purchase to go through, and avoid the hassle of your card being shut off.

Though I concede I may be inclined to justify taking an action that I myself do on the regular

Ms. Toad

(38,979 posts)
42. And how do you know they did not call the 5, be 10, ?? other phones that were in the area
Sat Jul 11, 2026, 07:27 PM
16 hrs ago

When they grabbed your number and ask them the exact same question about **your** last credit card charge?

They would have been suspicious, and hung up. When you answer their question, you are connecting your number to **your** card, and not one that belonged to one of the other numbers they skimmed.

AZJonnie

(4,285 posts)
44. How did they fake the credit card terminal coming back and saying "declined"?
Sun Jul 12, 2026, 04:07 AM
7 hrs ago

The one thing that IS secure is that sort of stuff, these hackers can't override credit card terminals. Also, you've switched to talking phone calls, I'm talking about the specific case of texting back 'yes I am making this purchase' when my bank texts and I know the card was just declined. This is really not a fakeable scenario that I'm able to see. You're right there a LOT that are, esp. when it's out of the blue and/or it's not even a real account of yours. This is one case that's really not, as best I can tell.

But of course as you say, some may prefer to not chance it and don't mind restarting a card. Nothing wrong with that

Ms. Toad

(38,979 posts)
45. The store may be in on it.
Sun Jul 12, 2026, 08:10 AM
3 hrs ago

Or, depending on the technology used, a third party may have installed a card skimmer on the terminal you used, as was popular a free years ago with ATM machines.

And whether it was a vibe call or a text, the risks are the same. The initial contact with the victim in the article was a text.

Ironically, here is one of the main offenders (Chase) identifying unsolicited calls as suspicious activity:

Warning signs of a banking scam
Scammers rely on fear, urgency, and the promise of a quick solution to bypass your better judgement. Recognizing the red flags that mark potential bank impersonation scams is one of the best ways to help protect yourself. Here are some examples of suspicious activity:

Unsolicited contact: If you get an unsolicited call or text from your bank regarding an urgent issue, treat it with caution, you can always hang up and call back using the contact info found on the back of your card or account statement.


Your last comment contradicts the scenario you set up. In your scenario, your card is already declined. So whether you respond to the questions of the unsolicited caller or call the number on the back of the phone the card needs to be restarted. Why would you choose to provide information to someone whose identity you don't know when it takes so little to hang up to ensure you are actually speaking with someone associated with your card.

Bottom line, it is just a stupid risk to take to provide any information in response to an unsolicited call or text (or email, for that matter). Do some searching. You'll find everything I have suggested above being used as part of financial fraud. Ignore it at your own peril.

BWdem4life

(3,179 posts)
20. Did you read the article?
Sat Jul 11, 2026, 03:00 PM
20 hrs ago

That’s exactly how it started, with a simple “no” reply to a text asking to verify a credit card purchase.

Progressive dog

(7,662 posts)
5. They've got the con down pat.
Sat Jul 11, 2026, 01:16 PM
22 hrs ago

I never reply to that kind of a text message or e-mail. I will check my account only by logging in online. I still worry.

Cha

(321,820 posts)
7. Oh wow, that poor Pilot guy!
Sat Jul 11, 2026, 01:47 PM
21 hrs ago

I always used Google to check if those official-looking texts from ATT and a lot of the other companies were real, and they always said No.

Now I just Report and Delete them So many scam artists out there.

I can see why he thought it was real, though. TY for this Pilot's harrowing cautionary tale, erronis. It's even more harrowing at the link

Sigh.. All that technology was making me dizzy. I kept hoping somehow the Police or FBI could catch the thief!

erronis

(25,208 posts)
32. "To catch a thief" - Hitchcock. We don't live in that world any more. There are thousands of thieves
Sat Jul 11, 2026, 04:35 PM
18 hrs ago

waiting to take over if one gets caught.

Have you seen to pictures of the boiler-room operations where hundreds of people are on the phone simultaneously trying to scam people around the world? I've read that many of the scammers themselves are essentially slaves. The masters are of the thiel/trump/epstein class.

PatSeg

(54,255 posts)
9. My daughter and I were talking about our smartphones
Sat Jul 11, 2026, 01:56 PM
21 hrs ago

We don't want any unnecessary aps on them, as we feel they are too vulnerable. Honestly, we'd like to go back to dumb phones and just use them for phone calls and text messages. It is interesting to see that is a relatively common trend these days.

I have a PC and a laptop. I don't need more access than that.

BeneteauBum

(1,021 posts)
12. I never reply to text of that ilk.
Sat Jul 11, 2026, 02:14 PM
21 hrs ago

If I get a phone call, I just ask that the paperwork be sent to my PO Box. I don’t furnish any information…..my standard replies are: why do you ask and isn’t that in the file? Same with email. I have yet to received any written communication from scammers……and to date haven’t had any theft issues.

All my user names and passwords are genus/species names of my favorite fauna interspersed with notable dates……most over 30 characters long but easy to remember. Example: 19(genus name of golden goddess nudibranch)74(species name for the golden goddess)01. This is recorded as 197401goldengoddess in a notebook in case I need to a reminder. 19Hypseloldoris74edenticulata01……not an active password. Let the hackers figure that out.

Peace ☮️

BunnyMcGee

(493 posts)
13. Good Info, thanks for posting
Sat Jul 11, 2026, 02:15 PM
21 hrs ago

Makes my head and gut hurt a little too thinking of a few times I fortunately did not respond and then blocked the number.

xuplate

(275 posts)
19. Thanks for the head's up
Sat Jul 11, 2026, 03:00 PM
20 hrs ago

These scams are getting very, very sophisticated. A different experience I had was with a scam that identified purchases on my Citibank card, processed through ApplePay, as being made in person in Brazil while I was physically visiting Boston. I had incidences of unauthorized card use that occurred while on 3 separate trips to Boston. On reflection I think they were related to wireless card theft. I now have an RFID blocking card next to my credit cards in my wallet and haven’t had any reoccurrences. I asked the Citibank fraud representative if they really work and he said yes.

Sector 001

(440 posts)
21. This exploit was from 4 years ago.
Sat Jul 11, 2026, 03:01 PM
20 hrs ago

It affected all Apple products that received an I message. No clicks involved.

Dem_in_Nebr.

(385 posts)
23. I, too, have been getting suspicous calls and texts.
Sat Jul 11, 2026, 03:25 PM
20 hrs ago

The latest one involved a supposed scam by an (unidentified) company that they claimed, had been overcharging its customers, They were trying to reach me because I had been identified as a legitimate claimant.
Fortunately, I just let all unidentified calls go to voice mail but they were trying to reach on email as well. These were in my scam email folder.
It's a bit scary to have them try to reach me by two means of communication.

hlthe2b

(115,462 posts)
24. I had an episode not this serious but enough for me three years ago. I dealt with it and even
Sat Jul 11, 2026, 03:25 PM
20 hrs ago

went to the regional FBI office--who were not helpful. Maybe if I had DJT levels of (stolen/grifted) $$$$. that said, I did manage to get a report out of them for future "protection" and validation. They were interested from the standpoint of the DEA (as mentioned below) but not from my own data compromise and stolen funds.

I still have trouble talking about it because unlike this article, it was not clearly my own single preventable mistake but a unfortunate combination of factors. I was doing a favor covering for a colleague at his clinic and his wifi was inadequately protected but likewise being targeted for DEA numbers--apparently in a planned drug theft ring. But, while they were in his wifi, well... my own cell was connected temporarily to let me access some clinically-relevant, but more general information. It had never occurred to me that his wifi would not be super secured, but... Today, there are readily available VPNs and far more comprehensive security software for cell phones, which I have since acquired and use religiously. But, even three years ago? Not so much.

Well, it is still painful and I will likely never be fully "whole" from the incident--on any level.

So, be careful folks. This article is useful, but do some additional reading too.

erronis

(25,208 posts)
33. I recommend running a VPN on your phone for all WiFi connections - even on a protected network.
Sat Jul 11, 2026, 04:42 PM
18 hrs ago

That way you just have the phone automatically bring up a VPN when it starts up and doesn't drop it.

I won't recommend a particular VPN and I'm also getting a bit paranoid about them also. Also, some banks and other commerce sites don't like connections that come from a known VPN endpoint, but the VPN can be turned off temporarily during that interaction.

NeoTrajan

(107 posts)
27. Just had a discussion with my kids about this
Sat Jul 11, 2026, 04:23 PM
19 hrs ago

The rule:

No matter WHO sends you a message, by email, by text, facebook/twitter message, or by phone call (especially by phone call)

NEVER click any links

ALWAYS look up the actual, legitimate contact numbers on the actual, legitimate website, and contact your bank/financial org ONLY through those legitimate numbers, period .... NEVER follow the message directions, don't press Y or N or 1,2,3 etc ... Don't use ANY of their information to make contact .... Only the contact numbers YOU provide yourself

Tell the real bank you think you are being scammed, and that you have NO intention of moving any money or changing your PW (yet)

Ask the real bank if there are problems with any of your accounts

I also mentioned hanging up on calls from your legitimate bank, for the same reasons in this story: Even though it's from your bank, it's possibly a part of the scam ... Don't feel obligated to stay on the line: hang up and call the real bank - They won't be mad at you

Following through with those directions completes the scam, and allows them to take over your account, so, just hang up, and call directly to your bank using your own info

BTW, they can target other accounts: Utilities, Streaming channels, ANYWHERE you keep card info

The same rule applies: NEVER do anything by message or by receiving a call, even from those legit orgs: hang up and call directly after finding the real numbers ... You can apologize for hanging up when you call them back

Assume every message is a scam, and act accordingly

Tree Lady

(13,466 posts)
40. That's basically what I told my husband
Sat Jul 11, 2026, 06:38 PM
16 hrs ago

Who is not as techie as me. He starts to believe some of them, I said delete everything that comes or show me. I do all of our bills.

No reason anything should be sent to him since I give my number for bills but they still do.

GoodRaisin

(11,229 posts)
35. Things I never do in this age of thievery.
Sat Jul 11, 2026, 04:55 PM
18 hrs ago

1. Answer the phone for anyone not in my contact list. 99% + of unknown callers are scammers. No need to open that door and invite them in to steal from me.

2. Click on links in emails or text messages.

3. Answer the door when unexpected callers ring my doorbell.

4. Put my credit card on my phone or any device. It stays in my RFID blocking wallet.

5. Put my IRA password on my phone or any device. It is safely hidden in my home.

I do check my bank and credit card account for unknown charges frequently. I also check my credit report frequently to make sure no new accounts have been set up in my name. If someone does manage to steal my information and start stealing from me, I will be on top of it fast. So far I have avoided identity theft, not that the thieves haven’t tried.

AZJonnie

(4,285 posts)
36. I wish I knew what was meant by this part of the article
Sat Jul 11, 2026, 05:36 PM
17 hrs ago

"The number, the FBI would later confirm, belonged to the genuine Apple Card support line. It had been spoofed so precisely that the messages accompanying the call arrived in the same gray bubbles, with the same Apple logo, that only real Apple support uses in iMessage."

The terms ("belonged to the genuine" and "only real Apple support uses" ) and "spoofed" are mutually exclusive.

Honestly this article could do a lot better job explaining which action he took caused which problem. Because taking this at face value, it implies literally any text you ever reply to, or any phone call you pick up, puts you in danger of your Apple ID instantly being compromised, and along with it, your SSN. The fact that any of this had anything to do with any supposed fraud alert seems coincidental, and I'm left wondering if the fraudsters could've done the exact same stuff w/o ever calling or texting. I think an important part of the interaction during the texts and phone calls is actually omitted here, perhaps at the request of Apple's lawyers as it could involve a vector they don't want to become known.

erronis

(25,208 posts)
37. That mystified me also, but you worded it well. It does seem something is missing.
Sat Jul 11, 2026, 05:48 PM
17 hrs ago

And since this pilot is also tech savvy you'd think it would have been included.

Abolishinist

(3,132 posts)
43. I think what they're referring to (and like you, I struggled getting through the article)
Sat Jul 11, 2026, 07:28 PM
16 hrs ago

is that the number that appeared on his phone was a legitimate number for Apple. I've had this happen on the landline at the office, where it appears the police department or whomever is calling because the number that shows IS their number. Somehow the scammers are able to do this. Add to this the logos or whatever else that showed were familiar to him.

And the following at first did not makes sense either, having him repeat the number. Like, if they knew the number, why have him repeat it, right? But here's the thing, they did NOT know the number, the number was the final piece of what they needed. They had enough info to attempt to get into his account, but they couldn't get by the verification process.

So they started the login, Apple then sent the number to his phone, which when given to the scammers allowed them to enter it and take over.

At least that's my take on it.

LtTx

(109 posts)
39. This is exactly what happened to us in Oct 2025.
Sat Jul 11, 2026, 06:35 PM
16 hrs ago

Luckily about 3 or 4 hours later I started having doubts.. Called and cancelled 31k worth of charges. Pay Pal was also involved. We notified them also 3 hours later. They dismissed our claim outright but the credit cards did not, so PayPal is left holding the bag. Mine involved a Fidelity account and they spoofed Fidelity's number. We reported it to the FBI line and our local sheriff office. Everything looked so legit.

Latest Discussions»General Discussion»How a Stranger Used One T...