CyberSafety Awareness Week: The Phish That Almost Worked

Yesterday we talked about good habits.

Today, I want to tell you about Megan — a real client (name changed) who almost fell for one of the most convincing scams I’ve ever seen.

If you’ve ever wondered “Would I catch a phishing attempt?” 

…this one will make you think twice.

“Your Apple ID Has Been Locked”

It was a normal Tuesday morning when Megan got an email that looked perfectly legit:

• Apple logo

• Clean formatting

• No typos

• A link that looked like it went straight to apple.com

Even the timing was believable — she had just bought a new iPhone the week before.

So when she saw:

“Your Apple ID has been locked for security reasons.” 

…her stomach dropped.

And that’s exactly what scammers want.

The First Red Flag

She clicked the link.

The page looked identical to Apple’s sign-in screen — same colors, same layout.

Her first instinct was to enter her password.

But something felt… off.

She couldn’t explain it — just a quick gut feeling.

So instead of typing anything, she called me.

The Trap Behind the Screen

I asked her one question:

“Before the page loaded, did you see the website address at the top?”

Silence.

Then:

“No… I didn’t look.”

She checked again.

And there it was — the tiny detail that saved her:

appleid-verify-security.com

Not Apple. Not even close.

The scammers had cloned Apple’s entire login page.

If she had entered her password, they would’ve had full access within seconds.

How We Fixed It

Since she didn’t enter anything, she was safe.

But we still:

• changed her Apple ID password

• turned on two-factor authentication

• added alerts to her email

• checked for other suspicious messages

Then she said something a lot of people feel but rarely admit:

“I consider myself pretty tech-savvy. I can’t believe I almost fell for that.”

That’s the thing about phishing — it’s not about intelligence.

It’s about timing, emotion, and distraction.

And scammers know exactly how to use all three.

Three Lessons From Megan’s Close Call

1. Your gut is a powerful security tool

If it feels rushed or scary, slow down.

2. Always check the address bar before typing passwords

Legitimate companies don’t use strange URLs.

3. If you’re unsure — ask someone

A second pair of eyes is the #1 way my clients avoid disasters.

CyberSafety Week Takeaway

The more convincing scams get, the more we need to rely on simple habits — and just a moment of pause.

If you ever get a suspicious message, don’t click anything.

Send it to me. I’m happy to take a look anytime.