Got a Text Saying Your Apple ID Is Locked? Here's How to Tell If It's a Scam.
TL;DR
- A text or email saying your Apple ID is locked or shows “unusual activity” is almost always a phishing scam.
- Apple never asks for your password, device passcode, or two-factor code, and a genuinely locked account tells you at sign-in, not by text.
- Real Apple emails come only from an address ending in @apple.com with nothing added after it.
- Don’t tap the link. If you actually need to reset your password, type iforgot.apple.com into your browser yourself.
- Report the fake by screenshotting the text or forwarding the email to reportphishing@apple.com, then delete it.
Your phone buzzes. “Apple ID Locked: unusual sign-in activity detected. Verify within 24 hours or your account will be suspended.” There’s a link. Your stomach drops, because you actually do keep everything in that account. Photos, cards, the works.
Breathe. That text is a scam. Once you know the two or three things Apple would never do, you can spot the fake in about five seconds every time.
Why the Apple ID text scam works
The Apple ID text scam works on fear and speed, not cleverness. It names the one account almost every iPhone owner cares about, then puts a countdown on it. “24 hours.” “Immediate action required.” Apple renamed Apple ID to Apple Account back in 2024, but the scam texts still say Apple ID, and honestly so does your muscle memory, so that’s what we’ll call it here.
The link goes to a page that looks exactly like Apple’s sign-in screen. You type your password. Then it asks for the six-digit verification code your real iPhone just showed you. The moment you hand that over, the scammer is typing it into the real Apple site and taking the account. Trend Micro tracked a sharp rise in these Apple impersonation texts through 2026, and the FTC has been flagging the same pattern across brands: a familiar name, a fake charge or lockout, and a link that captures both your password and your two-factor code.
The tell is the panic itself. Real security messages don’t threaten you with a stopwatch.
What a real Apple message looks like, and what a fake one doesn’t
Here’s the single most useful fact. Emails claiming your Apple ID has been “locked” or “disabled” are always phishing. Apple doesn’t warn you by email that your account is locked. If an account actually gets disabled, you find out when you try to sign in, not from a message telling you to click somewhere.
A few more checks that take seconds:
Apple only sends email from an address ending in @apple.com with nothing after it. Legitimate account emails usually come from no-reply@apple.com. If the sender is apple.support-verify@mail-secure.co or anything with extra words tacked past “apple.com,” it’s fake. On a text, the giveaway is often a random 10-digit number or an email address you’ve never seen, not an official short code.
The link is the other tell. Press and hold it instead of tapping (this previews the real destination without opening it). If the text says Apple but the URL underneath is apple-id-verify.review or a string of nonsense before the real domain, walk away.
And the hard rule, straight from Apple: Apple will never ask you for your password, your device passcode, or your two-factor code, and will never ask you to tap “Accept” on a two-factor prompt to “verify.” If a message or caller wants any of those, it isn’t Apple.
The one link worth trusting: iforgot.apple.com
Scammers love to send a link that reads iforgot.apple.com because it’s real. That is Apple’s actual password-reset page. The trick is that the visible text says one thing while the link points somewhere else entirely.
So use it, just never from the message. Open Safari yourself and type iforgot.apple.com by hand, or reset from Settings on your iPhone: tap your name at the top, then Sign-In & Security. Checking your account status directly, instead of through a link someone sent you, closes the whole scam. There’s nothing to steal if you never land on the fake page.
What to do if you already tapped the link
If you entered your password on a page you reached from a text, change your Apple Account password now, from Settings or from iforgot.apple.com typed in yourself. Do it before you finish reading this.
If you also typed in a verification code, assume the scammer tried to get in immediately, and move fast. Change the password, then check the devices on your account (Settings, your name, scroll to the device list) and remove anything you don’t recognize. Make sure two-factor authentication is still on and tied to your own phone number. If you can’t get back in at all, that’s when to contact Apple directly through support.apple.com, not a phone number from the text.
Worried about a parent or grandparent who might have tapped? Don’t lead with “why did you click that.” Lead with “let’s change the password together right now.” The scams have gotten genuinely convincing, and the useful move is fixing the account, not the lecture.
How to stop these texts from reaching you in the first place
You can’t stop scammers from blasting Apple lookalike texts to millions of numbers. What you can do is keep them out of your face so you’re never reading one at 11pm with your guard down.
Blocking the sender barely helps here, because the next text comes from a fresh number or a throwaway email address. That’s the exact gap we built Not Today to close. Instead of chasing individual numbers, it filters on the content and the patterns these scams reuse, so a text pushing a fake Apple lockout link gets caught before it reaches you, even when the sender changes every time. It also checks incoming numbers against a community database of 85,000+ reported spammers. Fewer of these ever hit your lock screen means fewer chances to click on a bad night.
Report it, then move on
Apple wants these. For a scam text, take a screenshot and send it to reportphishing@apple.com. For a phishing email, forward the whole thing to the same address. Then delete it and get on with your day.
The pattern is worth memorizing because it never really changes: familiar brand, sudden lockout, ticking clock, one convenient link. Apple isn’t going to text you a countdown. Your bank won’t either. Slow down for five seconds, check the sender and the link yourself, and the whole thing falls apart.
Not Today is a free spam-blocking app for iPhone. We built it to catch spam before it reaches you, using keyword rules, a community database of 85,000+ reported numbers, and optional AI detection. No account required. Download on the App Store.