Got a text or email that your account is suspended? Here's what it is.
ScamChecker.online·Last verified June 2026·Active and growing·5 min read
In a nutshell
A text or email warns that your Apple, Amazon, Microsoft, Netflix, PayPal, or bank account is locked or suspended - and you must "verify" right now.
The message is fake. The link goes to a copycat login page built to capture your password, card, or verification code.
The real company isn't behind it. Its name is being used as bait - the brand is the impersonation victim here, just like you.
The fix is simple: don't click the link. Check the account by opening the app or typing the address yourself.
Our verdict
This is a scam. Real companies don't send a link asking you to confirm your password or payment details to avoid suspension. The "problem with your account" is the hook - the page on the other end of the link is the trap.
Does this sound familiar?
You got a message warning that something's wrong with an account. "Suspicious sign-in." "Payment failed." "Your account will be suspended in 24 hours." It looks like it's from a company you actually use, and it has a link that supposedly fixes everything. The instinct is to click before you lose access.
Below are reconstructed examples of how these messages arrive. The brand and wording change - the structure doesn't. (Illustrations, not real screenshots. Sender names are real brands being impersonated; the links and addresses are fictional.)
Email (inbox)
From: Netflix <billing@netf1ix-account[.]com>
Subject: Your membership is on hold
We couldn't process your payment. To avoid cancellation, update your billing details within 24 hours.
[Update payment]
"Update your billing within 24 hours." The sender address is a look-alike domain (netf1ix-account, not netflix.com). Streaming brands are a favorite cover.
Text message · Today 09:41
From: Unknown, +1 (555) 555-0173
Amazon: We detected an unusual sign-in to your account from a new device. Your account has been locked for security. Verify your identity now: amaz0n-verify[.]net/secure
"Unusual sign-in, account locked, verify now." Amazon is one of the most impersonated brands. The link domain (amaz0n-verify) is the giveaway.
Apple Support (no-reply) · 08:12
Your Apple ID has been locked due to suspicious activity. To unlock it, confirm your information within 24 hours or your account will be permanently disabled.
appleid-locked-verify[.]com
A locked-account threat with a deadline and a confirm-your-info link. Apple and Microsoft account locks are common variants of the same script.
The brand rotates - Apple, Amazon, Microsoft, Netflix, PayPal, a bank, a delivery company - but the shape holds: a problem with your account, a deadline, and a link to "verify." This pattern goes by several names: account-suspension phishing, account-verification phishing, "verify your account" scam, and when it comes by text, smishing.
How it works
The scam runs in four phases. The first three take seconds; the damage in phase four can take weeks to surface. (The screens below are illustrations.)
1. The alert
A text or email lands, posing as a brand you use. It claims a problem: a suspicious sign-in, a failed payment, an account locked for security. There's a countdown - "within 24 hours" - and a link that promises to fix it. The FTC's own description: it might say they noticed suspicious activity (they didn't), or a problem with your account or payment (there isn't).
Microsoft account team
security@ms-account-verify[.]com
Unusual sign-in activity
We detected a sign-in attempt from an unrecognized device. Verify now or your account will be suspended.
Verify account
⏰ A deadline plus a link. Urgency is there to stop you thinking.
2. The copycat page
The link opens a page that looks like the real sign-in - same logo, same layout, same colors. The only honest clue is the web address, which is a look-alike domain, not the brand's real one. The page exists for one purpose: to receive what you type.
🔒appleid-locked-verify[.]com/signin
Apple ID
Apple ID (email)
Password
Sign In
🔎 The padlock only means the page is encrypted - not that it's real.
3. The harvest
You enter your password, and often a card number or a verification code too. The page captures all of it. Many copycat pages then forward you to the real website, so the login "works" and nothing seems wrong - which buys the scammer time before you notice.
Captured · Sent to scammer
Harvested from the form: Email · Password
⚠ + card details and any code you entered
Then redirected to the real site - looks fine
📤 What you type is logged instantly. The redirect hides that it happened.
4. The takeover and the charges
With your login, the scammer signs into the real account, changes the password and recovery details to lock you out, and goes to work: making purchases, draining stored balances, or reading email to reset your other accounts. Stolen card details get charged or sold. Sometimes a follow-up "fraud department" call arrives to squeeze out more.
⚠️ Password changed
Your recovery email was updated. You're now locked out of your own account.
What they do next…
Lock you out: new password
Charge the card: purchases
Reset other accounts: via your email
One captured login can open every account that shares it.
Remember
Real companies don't send links to "confirm" your password.
Check the account by opening the app or typing the address yourself.
A deadline is pressure, not proof.
The padlock means encrypted, not trustworthy.
Red flags to catch it early
None of these alone is proof. Several together means stop.
An unexpected "problem with your account"
A message you didn't expect, claiming suspicious activity, a failed payment, or a lock. Real alerts rarely arrive with a link demanding immediate action.
A deadline
"Within 24 hours," "or your account will be permanently disabled." Urgency exists to push you past the point of checking.
"Verify now or lose access"
A link to a look-alike address
The domain isn't the brand's real one - extra words, swapped letters, or an odd ending. amaz0n-verify[.]net is not amazon.com.
It asks you to confirm a password, card, or code
Legitimate companies don't ask you to re-enter your password or full card details through a message link, and never ask for a verification code.
Generic greeting or small errors
"Dear Customer," odd grammar, a logo that's slightly off. Many are polished now, so a clean-looking message is not a green light.
It knows a little, to seem real
Some include the last four digits of a card or a real-looking order number. A scrap of true-looking detail is meant to lower your guard, not prove legitimacy.
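The look-alike address flag can be checked mechanically. The sketch below is an added example, not ScamChecker.online's own tooling: it takes a link or sender address, undoes the "[.]" defanging and the digit swaps, and reports whether a brand name appears in a domain that is not the brand's real one. The allow-list of real domains and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for this example: brand keyword -> the brand's real domain.
OFFICIAL = {
    "amazon": "amazon.com",
    "netflix": "netflix.com",
    "apple": "apple.com",
    "microsoft": "microsoft.com",
    "paypal": "paypal.com",
}
# Digit-for-letter swaps used in look-alike names (0 for o, 1 for l).
SWAPS = {"0": "o", "1": "l", "3": "e", "5": "s"}

# The illustrative links and sender addresses from this page, plus one real address.
SAMPLES = [
    "amaz0n-verify[.]net/secure",
    "billing@netf1ix-account[.]com",
    "appleid-locked-verify[.]com/signin",
    "security@ms-account-verify[.]com",
    "https://www.amazon.com/",
]


def hostname(link):
    """Undo '[.]' defanging and return the lowercase host of a link or sender."""
    link = link.strip().replace("[.]", ".")
    if "://" not in link:
        link = "https://" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def check_link(link):
    """Return 'official', 'lookalike:<brand>' or 'unknown'."""
    host = hostname(link)
    for real in OFFICIAL.values():
        if host == real or host.endswith("." + real):
            return "official"
    # Undo digit swaps, then drop dots and dashes: 'amaz0n-verify' -> 'amazonverify'.
    folded = re.sub(r"[^a-z]", "", "".join(SWAPS.get(c, c) for c in host))
    for brand in OFFICIAL:
        if brand in folded:
            return "lookalike:" + brand
    return "unknown"


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_link(s):20} {s}")
```

"unknown" does not mean safe: ms-account-verify[.]com contains no brand word, so it passes this check even though it is one of the fake senders above. A substring match can also flag harmless names that happen to contain a brand word, so treat a "lookalike" result as a reason to check the account yourself, not as proof.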
Already clicked or entered your details?
If you typed anything into the page
Change passwords, lock the card, then report
Move fast. The first minutes after entering your details are when most damage is prevented.
1. Change the password now - at the real site
Open the app or type the real address yourself, sign in, and change your password. If you can, sign out all other sessions and turn on two-factor authentication.
2. Change it anywhere you reused that password
Especially your email - if the scammer gets into your email, they can reset everything else. Use a unique password for each account; a password manager makes that workable.
3. If you entered card or bank details, call your bank
Report the card as compromised and ask them to watch for or block fraudulent charges. They can reissue the card. Check recent transactions for anything you didn't make.
4. If you shared personal information, get a recovery plan
In the US, report at IdentityTheft.gov for a step-by-step plan, and consider freezing your credit. Watch your accounts for unfamiliar activity.
5. Report the phishing message
Forward suspicious texts to SPAM (7726) and suspicious emails to reportphishing@apwg.org. Tell the FTC at ReportFraud.ftc.gov. You can also report the impersonation to the real company.
6. Ignore any "we can fix it" follow-up that asks for a fee
Victims are often hit by a second contact - a fake "fraud department" or a money recovery scam charging upfront to restore access or recover funds. No legitimate service works that way.
Impersonating a trusted brand is one of the most reliable ways to steal a login, which is why it's so common. Year after year, impersonation is the top fraud reported to the FTC.[2] Account-suspension phishing is a core tactic: the FTC's own example is a message saying "your streaming account is about to be suspended unless you respond quickly," with a link that supposedly fixes the problem.[1]
$2.95B - Reported lost to business and government impersonation scams in 2024 [2]
#1 - Impersonation is the most reported fraud category to the FTC, year after year [2]
Email - The most common way consumers said scammers first contacted them in 2024 [2]
$12.5B - Total reported fraud losses in the US in 2024, up 25% on the prior year (all fraud types) [2]
The brands used as cover are the ones nearly everyone has an account with: Apple, Amazon, Microsoft, Netflix, PayPal, banks, and delivery companies. They are the impersonation victims, not the source - their names are borrowed precisely because you trust them. When a real-looking message and a real-looking login page line up, the only reliable tell is the web address.
The defense the FTC repeats is simple and works: don't click links in unexpected messages about your accounts. If you're worried something's wrong, contact the company using a link or number you already use, or open the app directly.[1] Even opening a link can expose you, so the safest move is to check the account yourself rather than trust the message in front of you.[3]
Sources
Federal Trade Commission, "Don't take the bait on phishing scams", September 2024. The account-suspension framing, the three phishing tells (suspicious activity / account problem / confirm your info), and the "contact the company through a channel you trust" guidance.
Federal Trade Commission, "How to recognize and avoid phishing scams". How phishing pages capture credentials, why even opening a link is risky, and where to report (7726 and reportphishing@apwg.org).
Researched and maintained by ScamChecker.online
We document recurring online scam patterns using primary sources - government agencies, law enforcement, and security researchers. We do not accuse named businesses; when a brand appears here, it's because scammers are impersonating it. Ads on this page do not influence our reporting.
Last verified: June 2026·Reviewed against current FTC guidance