Fake Apple Two-Factor Authentication Prompt Scam
Scammers abuse Apple's trusted-device two-factor system by flooding a victim's Apple devices with repeated authentication requests, then calling them pretending to be Apple Support to extract the six-digit code.
Last reviewed: 7 June 2026
Apple's two-factor authentication works by sending a pop-up notification to your trusted Apple devices — iPhone, iPad, or Mac — whenever a sign-in attempt is detected. The pop-up shows the sign-in location on a map and a six-digit code. Scammers have developed a method to weaponise this legitimate security feature by triggering the pop-up repeatedly.
The attack, sometimes called 'MFA fatigue' or 'push bombing', involves triggering many Apple ID sign-in attempts in rapid succession. When a victim's devices are flooded with authentication pop-ups at inconvenient hours, some people dismiss them by tapping 'Don't Allow' repeatedly, or, in exhaustion, accidentally tap 'Allow'.
A second phase of the attack involves a follow-up phone call. The scammer, spoofing Apple's support number, tells the victim their account is under attack. They offer to 'help secure' it but need the victim to share the one-time code that Apple is about to send. This call arrives while the victim is already on edge from the flood of notifications.
How this scam works on the Apple brand
Apple's legitimate two-factor pop-ups show the city and country of a sign-in attempt on a map. A genuine new sign-in from your own device will show your own location. A flood of pop-ups showing unfamiliar cities — particularly when you are not trying to sign in — is an active indicator of an attack.
When a scammer calls claiming to be Apple Support, they typically know the victim's full name and general location, which they obtained from a data broker or leaked database. This personal knowledge makes the call feel genuine. They claim their team has detected hacking attempts and that the victim should share the next six-digit code Apple sends so 'Apple can lock out the attacker from the server side'.
The real Apple will never call you unsolicited about a security event, and Apple Support staff do not need your two-factor code. If someone presents a believable story about why they need your code, the story itself is the scam.
Common red flags
- Multiple Apple two-factor pop-ups appearing on your devices when you are not signing in anywhere
- A phone call from someone claiming to be Apple Support arriving shortly after the pop-up flood
- The caller knows your name but asks for your Apple two-factor code over the phone
- The caller ID shows Apple Support's number — caller ID can be spoofed
- The caller says they need your six-digit code to 'block' an attacker on Apple's servers
- Urgency pressure: 'you must share the code right now or your account will be locked permanently'
How to protect yourself
- Tap 'Don't Allow' on every unexpected two-factor pop-up — Apple does not need you to share the code by phone
- Never share a two-factor code with anyone who calls you, even someone who appears to be from Apple
- If you receive a suspicious call, hang up and contact Apple Support directly at apple.com/support
- Review trusted devices in your Apple ID settings at appleid.apple.com and remove any you do not recognise
- Change your Apple ID password if you believe your credentials were exposed in a data breach
- Consider enrolling in Apple's Advanced Data Protection to limit what iCloud data is accessible even with credentials
How to report it
- Report the suspicious call and the Apple ID attack to Apple Support at apple.com/support
- Forward any related phishing emails to [email protected]
- Report the spoofed phone number to your carrier and the FCC at fcc.gov (US) or Ofcom at ofcom.org.uk (UK)
- File a report with the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
Frequently asked questions
Why does Apple's two-factor system send codes to all my devices?
When a sign-in to your Apple ID is attempted, Apple sends a verification prompt to all your trusted devices simultaneously. You only need to approve it on one device. If you are not signing in yourself, you should tap 'Don't Allow' on all the prompts and change your Apple ID password.
Can I turn off Apple's two-factor authentication to stop the pop-up flood?
Apple requires two-factor authentication for most Apple ID accounts and it cannot be turned off. However, the correct response to a pop-up flood is to deny all prompts and then change your Apple ID password, which will invalidate the attacker's attempt to log in.
Does Apple ever call customers about security events?
Apple does not make unsolicited outbound calls to customers about Apple ID security events. You can always initiate a call with Apple Support at apple.com/support if you are concerned, but you should never respond to an inbound call claiming to be Apple Security.