Most of us know clicking links in emails or text messages is a bad idea unless you know where the message came from and where the link leads. But even then, getting tricked into clicking a phishing link is easy. Malware distributors and scammers are becoming increasingly sophisticated in how they design their attacks.

One method is to create a sense of panic and urgency so that you don’t think clearly and take the precautions you normally would. And one way to do that is to make you believe your Apple ID has been compromised. That’s how the iforgot.apple.com phishing scam works. In this article, we’ll explain what the iforgot.apple.com phishing scam is and how to avoid it.

What is iforgot.apple.com?

It’s important to know that iforgot.apple.com is a legitimate Apple subdomain. It’s the official page you should use if you need to reset your Apple ID password. When you click Reset Password, Apple will walk you through secure steps to verify your identity and create a new password.

The danger comes when scammers create links that look like iforgot.apple.com but aren’t. A spoofed URL might swap or add a character (for example, a hyphen in place of a dot), use a letter from another alphabet that is drawn the same way, or tuck the real name into a longer hostname whose final part is the attacker’s own domain, so that iforgot.apple.com appears at the start of the address but the site belongs to someone else. All of these lead to phishing pages designed to steal your login details.

What is the iforgot.apple.com phishing scam?

A common phishing scam starts with an email that appears to be from Apple, claiming your Apple ID has been locked and urging you to reset your password immediately. It includes a link that looks legitimate, something like iforgot.apple.com.

But don’t be fooled. If you click the link, it takes you to a fake website that looks identical to Apple’s official page. Once there, it prompts you to enter your Apple ID credentials, which are then stolen and used to access your account.

How to avoid getting caught in a phishing scam

The steps to protect yourself from this scam are the same as with any phishing attempt: always verify before you click.

1. Check the sender’s email address carefully

Official Apple emails usually come from [email protected]. Apple sends email from addresses whose domain is apple.com or a subdomain of it: the part after the @ ends in apple.com, with nothing after that. In Apple Mail (or most email apps), hover your mouse over the sender’s name and click the down arrow to reveal the full email address. If it’s not from [email protected], or if there’s anything extra after apple.com (like [email protected]), it’s almost certainly a scam. Two caveats: the display name (“Apple Support”) can be set to anything, so never judge by it, and the address itself can be forged, so a plausible sender address is necessary but not sufficient. If your mail app lets you view the message headers, an Authentication-Results line showing dmarc=pass for apple.com is the stronger signal that the message really came from Apple.

2. Never click a link unless you're sure where it leads

Instead, hover over the link (without clicking) to preview the full address, usually in a pop-up or at the bottom of your email window. Look at the hostname, the part between https:// and the next slash. It must be exactly iforgot.apple.com; a longer hostname that merely starts with those words, or one that puts iforgot.apple.com before an @ sign, belongs to whoever owns the last part. If the link points anywhere else, it’s likely a scam.

Even if the sender looks legitimate and the link appears correct, don’t click it directly from the email. The safest approach is to open your browser and manually type iforgot.apple.com to reset your password. That way, you know you're on the real website, not a convincing fake.
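The two checks above (step 1 on the sender’s address, step 2 on the link’s real hostname) can be written down precisely, which also shows why the common tricks fail. The following is an added example for this article, not Apple’s code or anything from the page; every address and hostname in it other than apple.com and iforgot.apple.com is constructed for illustration, and the Authentication-Results header is a made-up sample in the standard method=result form.

```python
"""Sender and link checks for the iforgot.apple.com phishing pattern.

Added example; not code from the original article. All hostnames and
addresses other than apple.com / iforgot.apple.com are constructed.
"""
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlsplit

APPLE_RESET_HOST = "iforgot.apple.com"
APPLE_DOMAIN = "apple.com"


def hostname_of(url: str) -> Optional[str]:
    """Return the host a browser would really connect to, lowercased, or None.

    urlsplit().hostname drops any 'user@' prefix and the port and lowercases,
    so 'https://iforgot.apple.com@evil.example/' yields 'evil.example', not
    the Apple-looking text before the @.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None          # javascript:, data:, mailto: and friends are not web links
    host = parts.hostname
    if not host:
        return None
    return host.rstrip(".")  # 'apple.com.' is the same DNS name as 'apple.com'


def is_under_domain(host: str, domain: str) -> bool:
    """True when host is `domain` itself or a subdomain of it.

    A plain string comparison defeats the usual tricks: 'iforgot.apple.com.evil.example'
    does not end in '.apple.com', 'iforgot-apple.com' is a different name, and a
    Cyrillic 'а' in 'аpple.com' is a different string even though it looks the same.
    """
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def link_is_apple_reset_page(url: str) -> bool:
    """True only when the link actually leads to the iforgot.apple.com host."""
    return hostname_of(url) == APPLE_RESET_HOST


def sender_domain_is_apple(from_header: str) -> bool:
    """True when the address in a From: header is at apple.com or a subdomain.

    The display name ('Apple Support') is ignored on purpose: anyone can set it.
    Only the part after the last '@' is judged, so 'id@apple.com.evil.example'
    and 'apple.com@evil.example' both fail.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return is_under_domain(domain, APPLE_DOMAIN)


def dmarc_passed(auth_results: str) -> bool:
    """True when an Authentication-Results header value records dmarc=pass.

    The From: address alone can be forged; the receiving server's DMARC verdict
    (RFC 8601 'method=result' clauses separated by ';') says whether the message
    really came from the domain it claims.
    """
    for clause in auth_results.split(";")[1:]:   # clause 0 is the receiving server's id
        if clause.strip().lower().startswith("dmarc=pass"):
            return True
    return False


def phishing_indicators(from_header: str, auth_results: str, urls: List[str]) -> List[str]:
    """Collect the red flags the article describes for one message.

    An empty list means every check passed; it does not prove the mail is safe.
    """
    flags = []
    if not sender_domain_is_apple(from_header):
        flags.append("sender address is not at apple.com")
    if not dmarc_passed(auth_results):
        flags.append("receiving server did not record dmarc=pass")
    for url in urls:
        if not link_is_apple_reset_page(url):
            flags.append(f"link does not lead to {APPLE_RESET_HOST}: {url}")
    return flags


if __name__ == "__main__":
    # Constructed sample message modelled on the scam the article describes.
    sample_from = "Apple Support <noreply@apple.com.account-verify.example>"
    sample_auth = ("mx.receiver.example; spf=pass smtp.mailfrom=account-verify.example; "
                   "dmarc=fail header.from=apple.com.account-verify.example")
    sample_links = ["https://iforgot.apple.com.account-verify.example/reset"]
    for flag in phishing_indicators(sample_from, sample_auth, sample_links):
        print("-", flag)
```

The point of doing the comparison on the parsed hostname rather than on the link text is that every trick the article warns about (a longer hostname, an @ sign, a look-alike letter, upper-case letters, a port number) is normalised away or turned into a mismatch before the string is compared. Note that the DMARC check only says the mail came from the domain in the From address; that is why it is combined with the domain check rather than used on its own.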

3. Scan your Mac for malware

While most phishing scams are designed to steal your personal data, some may also attempt to install malware on your Mac, often tricking you into clicking a download link. That’s why it’s smart to run a malware scan, even if you didn’t download anything knowingly.

I recommend using CleanMyMac's Protection feature. It thoroughly scans your system for malware and alerts you to anything suspicious. If it finds a threat, you can remove it with a single click.

Here’s how to run a malware scan on your Mac:

  1. Get your free CleanMyMac trial.
  2. Launch CleanMyMac and choose Protection.
  3. Click Scan (you can also click Configure Scan to select between quick, balanced, or a deep scan).
  4. When finished, CleanMyMac will let you know if any malware has been found and allow you to remove all detected threats.

4. Check for compromised passwords

Even if you haven’t received a breach alert, the Apple Passwords app (macOS Sequoia or later) can help you stay protected. It monitors your saved accounts and flags passwords that have appeared in known data leaks, that are reused across sites, or that are easy to guess. To check, open the Passwords app on your Mac, go to the Security section in the sidebar, and review any flagged accounts. If something’s compromised, click the account and choose Change Password to update it. Since the iforgot.apple.com scam targets your Apple ID password, pay particular attention to any other account flagged as reusing it.

What to do if you have already clicked the link

If you clicked the link but didn’t enter any information:

  1. Check the URL in your browser.
    In Safari, click in the address bar to reveal the full URL. Look at the hostname, the part between https:// and the next slash: if it is anything other than iforgot.apple.com, it’s a scam website.
  2. Close the page immediately and do not interact with it, and in particular do not download or install anything it offers.
  3. If you entered nothing, the site learned little more than that someone opened the link. No further action is strictly required, but changing your Apple ID password is cheap insurance, and if the page did get you to download a file, run the malware scan described above.
  4. Report the email to Apple at: [email protected]

If you entered your Apple ID and password on the fake website:

  1. Change your Apple ID password right away. Type appleid.apple.com into your browser yourself, or use Settings on a trusted iPhone, iPad, or Mac; do not go back through any link in the email.
  2. Review the list of devices signed in to your Apple ID (Settings or appleid.apple.com) and remove any you don’t recognize. Changing the password signs out any device the attacker may have added.
  3. Check that your trusted phone number and any account recovery contacts are still yours, since an attacker who got in may have added their own.
  4. Enable two-factor authentication if you haven’t already.
  5. If the fake page also asked for a six-digit verification code and you typed one in, assume the attacker had access and look especially carefully at the steps above.
  6. Keep an eye on your Apple ID account for suspicious activity (like sign-in alerts from unknown locations or devices).

The iforgot.apple.com phishing scam is a particularly deceptive attack. It pretends your Apple ID has been locked due to suspicious activity and urges you to reset your password. This leads you to a fake site that looks identical to Apple’s official page.

Once there, you’re prompted to enter your current Apple ID and password. This is how the attackers steal your credentials. With two-factor authentication turned on, a stolen password alone isn’t enough to sign in, but don’t rely on that: phishing pages often go on to ask for the six-digit verification code as well and pass it to Apple while it is still valid, so a code typed into a fake page hands over the account too. It’s also a serious breach of your privacy either way. Verifying all email links and senders, and never signing in from a link in an email, are the best practices to avoid all types of email scams.