Warning: Scammers are using FaceTime to empty bank accounts

| July 14, 2026
Apple Facetime

Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information.

This warning appears in a broader Apple support article about scams that target iPhone and iPad users through social engineering. Apple says attackers may contact people by phone calls, FaceTime, text messages, or emails while pretending to represent a trusted organization.

The advice comes as many users still delay installing security updates, leaving them exposed even after Apple has released security patches.

Over recent months, we’ve seen a familiar pattern: attackers combine convincing Apple‑branded social engineering with known iOS vulnerabilities, then profit from the gap between “patch available” and “patch installed.”

Criminals have been reported making unsolicited FaceTime calls that look like they come from “Apple Support” or a bank, alongside messages disguised as urgent account alerts or refund offers. Once the victim answers or replies, the script is pretty much standard:

  • The caller claims there is fraudulent activity or a technical problem.
  • They pressure the user to “verify” card details, online banking credentials, or Apple ID information.
  • In some cases, they persuade the victim to install remote‑access software or share one‑time passcodes.

Nothing in this process requires malware on the device. The “exploit” is human trust, backed by familiar names, logos, and a real‑time call that feels inherently more legitimate than a text message. That makes FaceTime a useful delivery channel for social engineering, especially since users are used to seeing Apple notifications and support prompts elsewhere in their digital life.

From an attacker’s point of view, combining social engineering with vulnerabilities is attractive. Social engineering can steal your usernames and passwords, while a browser‑side exploit can silently execute malicious code when users visit a booby‑trapped site. Chain those attacks together and the attacker can move from app‑level compromise to full system control. That’s how campaigns like DarkSword operate.

How to stay safe

Apple’s advice is straightforward:

  • Don’t trust unexpected calls or texts.
  • Never share sensitive information over unsolicited contact.
  • Keep your iPhone updated to the latest iOS version.

We’d add:

  • Protect your devices with an up-to-date, real-time security solution.
  • Contact companies directly through trusted channels. Don’t use contact details provided in an email, text message, or call.
  • Use Malwarebytes Scam Guard to determine whether a message is likely to be a scam.
  • Be especially suspicious of unexpected FaceTime calls claiming to be from your bank or Apple. These organizations are unlikely to use FaceTime to contact you about serious account issues.

Apple also asks users to report suspicious FaceTime calls:

“If you receive a suspicious FaceTime call (for example, from what looks like a bank or financial institution), email a screenshot of the call information to reportfacetimefraud@apple.com.”

How to update your iPhone or iPad

To check whether you’re running the latest version of iOS or iPadOS:

  • Go to Settings > General > Software Update. If an update is available, you’ll be able to download and install it from there.
  • Turn on Automatic Updates if you haven’t already. You’ll find it on the same screen. That way, your device can install important security updates as soon as they’re available.

Scammers know more about you than you think. 

Malwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in. 

Download for iOS → Download for Android → 

About the author

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.