CIT

If you receive a message saying a large Apple Pay payment has been blocked and you need to call a number urgently…

STOP 🚩

There’s a new scam circulating that targets Apple users, and it’s very convincing.

The email or text usually claims that a high-value purchase has been attempted using your Apple Pay details.

It might mention suspicious activity, a blocked transaction, or even a fake case number. The branding looks polished. The formatting feels official.

Really? The phone number in the message connects you directly to scammers.

The tactic is simple.

Create anxiety about losing a significant amount of money, then offer a quick solution 😱

When people believe their account is under threat, they’re more likely to act without double-checking.

Once on the phone, the criminals typically try to gather your Apple ID login details, verification codes sent to your device, or card information.

With that, they can attempt to take control of your account ⚠️

Here are a few important facts:

Apple does not send fraud alerts asking you to call a number included in an email or text message.

It also doesn’t use aggressive language suggesting your account will be locked if you don’t respond immediately.

That kind of urgency is a common phishing technique 🎣

If you ever receive something like this, check the sender’s email address carefully.

It may look genuine at first glance, but small spelling errors or unusual domain names often give it away.

Generic greetings like “Hello {Name}” instead of your actual name are another warning sign.

It’s also worth remembering that if a payment really were suspicious, your bank would normally step in automatically.

Banks tend to block unusual transactions and contact you directly through official channels.

You would approve a legitimate payment, not scramble to stop it via a random phone number in a text.

If you’re unsure, don’t use any contact details from the message 🚫

Instead, go directly to Apple’s official website yourself and use the support options there.

Or check your purchase history on your device: Settings > Tap your name > Media & Purchases > View Account > Purchase History

That will show you whether any genuine transactions have taken place.

Scammers are becoming more sophisticated. They’re using better branding, cleaner layouts, and fewer obvious mistakes.

That makes it even more important to slow down and verify before responding.

❓ If someone in your business received a message like this, would they know to ignore the phone number and check through official channels instead?

Some businesses feel like they’re constantly dealing with IT problems.

A system slows down or something stops working. People report it, wait for it to be fixed, and then carry on until the next issue appears.

But others rarely seem to have those disruptions.

What’s the difference?

It comes down to the way they approach their IT…

Do you use an Android phone for work? 📱

Security researchers have uncovered a new piece of Android malware that can track almost everything you do on it.

And I don’t mean basic tracking.

We’re talking:

👉 PIN entries
👉 Login credentials
👉 Messages
👉 Banking app activity

The clever (and worrying) part is how it spreads 🦠

The app is called TrustBastion.

It pretends to be a security tool. Victims see pop-ups or adverts claiming their phone is infected with malware or scam messages.

The “solution”? Install this app to clean things up.

That fear tactic works more often than you’d think 😱

At first glance, the app looks harmless. But it’s what’s known as a dropper.

That means the app itself doesn’t contain the malicious code straight away. Instead, it downloads it after installation.

Once installed, it shows a fake “update” screen that looks very similar to official Android or Google Play messages.

If you agree, a manipulated APK file (that’s the installation package format Android uses) is downloaded in the background.

But the download doesn’t come from some obviously shady server. It comes from Hugging Face, a well-known developer and AI platform with a strong reputation.

The infrastructure looks legitimate, so many security tools don’t immediately flag it as suspicious. The attackers hide behind a trusted name.

After installation, the malware requests extensive permissions and pretends to be a system component called “Phone Security”.

It then asks for Accessibility permissions.

Accessibility features are designed to help users with disabilities. But when misused, they give apps the ability to read what’s on your screen, log what you type, and overlay content on top of other apps.

That means this malware can:

⚠️ Capture PIN codes and unlock patterns
⚠️ Overlay fake login screens on top of real banking apps
⚠️ Intercept payment details and messages

The stolen data is sent back to the attackers’ servers, and the malware can even receive updates or new instructions.

To make detection harder, the criminals are using something called server-side polymorphism.

That means they generate slightly modified versions of the malware every 15 minutes.

Within a month, researchers found more than 6,000 variants.

Traditional antivirus tools often look for known “signatures”. If the file keeps changing slightly, it’s harder to block.

So, what should you take from this?

First: Only install apps from the Google Play Store.

Second: Be extremely cautious of apps that claim to clean or secure your phone while asking for deep system permissions.

Third: Only enable Accessibility access if you fully understand why the app needs it.

And don’t assume that because something’s hosted on a reputable platform, it’s automatically safe.

If your business lets staff access email, banking or cloud systems from their phones, mobile security is vital.

🤔 When was the last time you reviewed what apps are installed on your company devices?