Apple ID Locked Phishing
Attack Trigger
Fear of losing access to all Apple devices and purchased content
What Attackers Want
Apple ID credentials / payment card on file / iCloud data
How This Attack Works
Attackers send emails mimicking Apple claiming your Apple ID has been locked or suspended due to unusual activity. The linked fake Apple sign-in page captures your Apple ID, password, and security questions, giving attackers full access to your devices and payment method.
Red Flags to Watch For
- ✗Sender is not from @apple.com
- ✗Link does not go to appleid.apple.com
- ✗Email requests your security questions to unlock the account
- ✗Logo and layout are close but not identical to genuine Apple emails
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- apple-id-locked.comMALICIOUS
- appleid-account-verify.netMALICIOUS
- apple-security-alert.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free