The attackers: - Created a REAL Apple Support case in my name (Case ID: 102750168703) - Generated legitimate emails from apple.com - Cloned Apple's support portal (appeal-apple.com) - Got me to enter my 2FA code disguised as a "ticket confirmation"

The vulnerability: Apple's support case system lets anyone create legitimate cases in others' names, generating real case numbers and official Apple emails.

I caught it when I saw: "Your Apple Account was used to sign in on a Mac mini (2024)" - a device I don't own.

Has anyone else experienced this? The exploitation of Apple's own infrastructure for credibility is what made this so effective.

Full writeup with screenshots: https://medium.com/@eric.moret/i-almost-lost-my-apple-account-to-the-most-sophisticated-phishing-attack-ive-ever-seen-cff92a470950