Eric Moret recounts a harrowing experience with a sophisticated phishing attack that nearly cost him his Apple account. It began with a text message claiming to be an Apple 2FA verification code. Simultaneously, his devices showed verification notifications indicating someone was attempting to access his account. Just a minute later, an automated call from a toll-free number further confirmed the intrusion, delivering another 2FA code. This multi-channel approach created a sense of urgency and panic, setting the stage for what followed. The scammers then established credibility by creating a fake support ticket, complete with a legitimate case number and a convincing phishing website. The site mimicked Apple's design and prompted Moret to enter his case number. The attackers manipulated him into believing he was securing his account when, in reality, he was handing over his actual 2FA code. Moments later, he received an alarming email stating that a device he didn’t own had signed into his account, which led him to realize the severity of the situation. Trusting the false representations of support, Moret almost fell victim to the attack but ultimately regained control by resetting his password and terminating the call. The article highlights significant vulnerabilities in Apple’s support system that allow scammers to create legitimate-looking cases. Moret emphasizes the importance of skepticism towards unsolicited calls and texts, especially those related to account security. He advises users to verify any support tickets independently and never enter 2FA codes prompted by third parties. His experience serves as a stark reminder of the evolving tactics used in modern phishing attacks and the need for robust security measures, including hardware security keys for two-factor authentication.