New Phishing Scam Exploits Apple Mail's 'Trusted Sender' Label; Beware Personal Data Theft

On March 19, 2026, a new phishing scam exploiting Apple Mail's 'trusted sender' indicator was exposed. The phishing emails leverage Apple Mail's automatic 'trusted sender' banner, which appears when a sender's address is in the recipient's contacts or if there has been prior correspondence.

Scammers are using misspellings like 'Cloud+' for 'iCloud+' and generic salutations such as 'Dear user.' They employ urgent warnings, such as the permanent deletion of cloud data, to pressure users into clicking links without proper consideration. This banner is merely a convenience feature based on device history, not Apple's official security verification system, and can actually appear even on phishing emails from untrusted senders.

The objective of these phishing emails is to create a sense of urgency in users, preventing them from properly verifying the message, and then to steal personal information (such as Apple ID) by having them click malicious links. Users need to be cautious as phishing cases exploiting Apple Mail's 'trusted sender' label have been discovered.