---
title: "Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06, 2026] | DuoCircle"
description: "Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/"
---

Quick Answer

Four cyber incidents from the week of April 6, 2026: a fake Apple Pay fraud-alert SMS campaign targeting 1.8 billion iPhone users, where scammers impersonate Apple Support or law enforcement and walk victims through draining their accounts via Apple Pay or Apple Cash. Operation Atlantic, an international action led by the UK's NCA with the Ontario Provincial Police, US Secret Service, and Ontario Securities Commission, identified more than 20,000 crypto fraud victims across the UK, US, and Canada. A Philadelphia retiree lost $9,000 from his Fidelity retirement account after a spoofed-caller-ID phishing attack convinced him to read out a verification code. And tax-refund scam websites surged ahead of the April 15 IRS deadline, with researchers finding that roughly 1 in 10 tax-themed domains is fraudulent, fueled by AI-generated clone sites and phishing-as-a-service kits that harvest Social Security numbers and bank details.

Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News \[April 06, 2026\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2026/04/Apple-Pay-Scam-Crypto-Fraud-Victims-Retirement-Phishing-Loss---Cybersecurity-News-April-06-2026.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2026%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Apple%20Pay%20Scam%2C%20Crypto%20Fraud%20Victims%2C%20Retirement%20Phishing%20Loss%2C%20Cybersecurity%20News%20%5BApril%2006%2C%202026%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2026%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2026%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2026%2F&title=Apple%20Pay%20Scam%2C%20Crypto%20Fraud%20Victims%2C%20Retirement%20Phishing%20Loss%2C%20Cybersecurity%20News%20%5BApril%2006%2C%202026%5D "Share on Reddit") [ ](mailto:?subject=Apple%20Pay%20Scam%2C%20Crypto%20Fraud%20Victims%2C%20Retirement%20Phishing%20Loss%2C%20Cybersecurity%20News%20%5BApril%2006%2C%202026%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2026%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2026/04/what-is-dkim-selector-6789.jpg) 

Here are the top four cyber incidents from last week that **kept security experts** on their toes. A new [Apple Pay phishing scam](https://www.consumeraffairs.com/news/been-targeted-by-the-apple-pay-scam-you-probably-will-be-040826.html) is doing the rounds, targeting 1.8bn iPhone users. Over 20,000 crypto fraud victims have been identified across Canada, the UK, and the US. An old man from Philadelphia lost his entire retirement savings because of a phishing attack. Just ahead of the IRS deadline, i.e., April 15, security experts have noticed a steep spike in tax refund scams.

## 1.8bn iPhone users prone to Apple Pay phishing scam!

[1.8bn](https://www.msn.com/en-in/money/news/warning-to-all-1-8bn-iphone-users-over-new-scam-draining-bank-accounts/ar-AA20vSf7) iPhone users across the globe are receiving fake “Apple Pay fraud alerts.” This alert is carefully designed and sent by the scammers in the form of text messages. Each message claims that there is a serious issue with the Apple Pay account of the recipient. The messages look urgent in nature and ask for **prompt action by the user**.

_When the recipient clicks on a given URL or calls a given number, they get connected to hackers who pose as law enforcement officials or Apple Support team executives_. These scammers convince the victims by **sharing false stories**. They claim that the victim can lose their money or personal data if they fail to take necessary actions.

[![phishing](https://media.mailhop.org/duocircle/images/2026/04/spf-record-5678.jpg)](https://media.mailhop.org/duocircle/images/2026/04/spf-record-5678.jpg)

Next, the fraudsters ask the victims to move all their money to a safe place or withdraw cash using Apple Cash, Apple Pay, or similar services.

Security experts have urged all iPhone users to stay extra vigilant and practice cyber hygiene. If any iPhone user receives a message related to Apple Pay, they must avoid interacting with **it at all costs**. There are multiple red flags to look out for, such as any message that asks for security codes and passwords.

Scammers have structured this campaign cleverly so that victims themselves authorize these malicious payment transactions. They are using social engineering tactics to trick victims. 

[SPF](/content/sender-policy-framework), [DKIM](/resources/what-is-dkim), and [DMARC](/email/dmarc) strengthen [email security](/) by authenticating messages and preventing [phishing scams](https://www.osc.ca/en/news-events/news/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes-12-million-stolen-funds) like these from reaching users’ inboxes.

If any iPhone user feels that they are being targeted by threat actors, they must immediately stop all transactions and inform their banks. The same issue must also be reported to the **concerned authorities**.

## 20k+ crypto fraud victims identified!

The UK’s National Crime Agency recently led an international law enforcement operation, named Atlantic, that ultimately identified [20k+](https://www.bleepingcomputer.com/news/security/police-identifies-20-000-victims-in-international-crypto-fraud-crackdown/) crypto fraud victims. This operation took place last month and was a result of the **collaboration among the NCA**, the Ontario Provincial Police, the US Secret Service, and the Ontario Securities Commission. A couple of private industry partners also coordinated with these agencies.

[![crypto fraud](https://media.mailhop.org/duocircle/images/2026/04/spf-permerror-5990.jpg)](https://media.mailhop.org/duocircle/images/2026/04/spf-permerror-5990.jpg)

_The agencies were finally able to crack down on the culprits through active intelligence sharing, victim outreach, and by sharing technical strategies_. 

The public-private partnership worked miraculously well and will be an integral part of all future operations led by the UK. The NCA will keep working with other **agencies and private-sector partners** to evaluate every piece of intelligence received during this joint operation. The key idea is to offer active support to all the victims of crypto fraud and prevent any [future crypto scams](https://finance.yahoo.com/markets/crypto/articles/ic3-report-reveals-surge-cryptocurrency-175151045.html?guccounter=1&guce%5Freferrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce%5Freferrer%5Fsig=AQAAAM2%5FHlSsWzxwKBl6RKdi09Ve9H3IDi7XGs5QQILO60dsKU8DikUXLlTald%5FbaQhJnarzqNa4rHWuqyopQpmOVJ1573ynCOFS7jDBPyP73YWlsO8ZRYGyAOxezQNQbTU6pDxrNIBn75hhHzYTNOy564x3kNHw0Qhmvqkhtj143s4G).

## $9,000 retirement fund lost in a well-orchestrated phishing attack

_Joseph Tigue, a Philadelphia resident, received a text message, which he believed was sent by Fidelity Investments_. The text message asked him to answer in “YES/NO.” Once he responded, a call came through. Joseph was careful enough to check the called ID, which clearly mentioned “Fidelity Investments.” 

The caller requested Joseph to confirm his personal information. Soon, they asked him to read a text message that they had sent. Joseph followed all the instructions. It was around this moment that the scammers gained access to Joseph’s retirement account and wiped away a whopping [$9,000](https://www.nbcphiladelphia.com/investigators/consumer/scammers-access-retirement-savings-how-to-protect-your-money/4382988/).

On filing a claim with Fidelity Investments, Joseph got to know that he had interacted with a [malicious link inadvertently](https://finance.yahoo.com/markets/crypto/articles/ic3-report-reveals-surge-cryptocurrency-175151045.html?guccounter=1&guce%5Freferrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce%5Freferrer%5Fsig=AQAAAM2%5FHlSsWzxwKBl6RKdi09Ve9H3IDi7XGs5QQILO60dsKU8DikUXLlTald%5FbaQhJnarzqNa4rHWuqyopQpmOVJ1573ynCOFS7jDBPyP73YWlsO8ZRYGyAOxezQNQbTU6pDxrNIBn75hhHzYTNOy564x3kNHw0Qhmvqkhtj143s4G).

According to the 2025 **Internet Crime Report by the FBI**, Pennsylvania stands at sixth place in the list of states with the most suspected internet crime. In 2025 alone, Pennsylvania suffered losses worth $538 million.

[![security threat](https://media.mailhop.org/duocircle/images/2026/04/spf-record-check-5019.jpg)](https://media.mailhop.org/duocircle/images/2026/04/spf-record-check-5019.jpg)

## Steep spike in tax refund scams just before the IRS deadline!

Security experts have noticed a sudden surge in scam websites that are created to take advantage of unsuspecting taxpayers. These fake websites pose as legitimate platforms meant for helping taxpayers file their income tax returns. 

Since the deadline is April 15, the rate of fake website creation has steeped all of a sudden. Researchers have stated that [1 out of 10](https://thehill.com/homenews/5822427-surge-of-tax-refund-scams-detected-head-of-irs-deadline-what-to-watch-for/) tax-oriented domains is a potential scam website.

_Experts believe that artificial intelligence has made iway to convenient for these threat actors to mimic legitimate websites_. This drastically boosts the credibility and success rate of such scams. Apart from AI, **Phishing-as-a-Service** kits are widely available, which help scammers with little or no technical knowledge to come up with sophisticated and flawless threat campaigns. 

[![AI](https://media.mailhop.org/duocircle/images/2026/04/spf-validator-4511.jpg)](https://media.mailhop.org/duocircle/images/2026/04/spf-validator-4511.jpg)

It is because of artificial intelligence that most of the fake IRS portals resemble the genuine ones closely. But why do taxpayers fall for this tax refund scam?

These [fake websites](https://www.gsaig.gov/news/scam-alert-beware-fake-websites-mimic-legitimate-official-us-government-websites) promise lucrative tax refund offers. The payouts are generally too good to be true. But just ahead of the IRS deadline, most of the taxpayers might not even pay attention to the “**too-good-to-be-true**” payouts on income tax return filing. At this moment, every taxpayer out there is eager to save some money, and scammers know exactly how to make the most out of this mindset. 

These malicious websites often ask for highly sensitive personal information such as [social security numbers](https://www.investopedia.com/terms/s/ssn.asp), email addresses, phone numbers, and so on. 

Apart from this tax refund scam, another tax-centric fraud is taking place where threat actors come up with a [malicious IRS online tax calculator](https://www.wjhl.com/news/national/surge-of-tax-refund-scams-detected-ahead-of-irs-deadline-what-to-watch-for/). The purpose of this calculator is to help taxpayers calculate the exact amount of tax refund that they are likely to receive.

## Topics

DKIMDMARCemail securityNewsSecurityspfUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 6m  GitHub Backdoor Threat, Cartier Data Breach, Fake RubyGems Steal, Cybersecurity News \[June 02, 2025\]  Jun 9, 2025 ](/blog/announcements/cyber-security-news-update-week-24-of-2025/)[  News 6m  Malicious npm Packages, Salesloft GitHub Breach, Malvertising Commit Trick, Cybersecurity News \[September 08, 2025\]  Sep 15, 2025 ](/blog/announcements/cyber-security-news-update-week-38-of-2025/)[  News 6m  Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft, Cybersecurity News \[October 06, 2025\]  Oct 13, 2025 ](/blog/announcements/cybersecurity-news-update-week-42-of-2025/)[  News 6m  Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware, Cybersecurity News \[November 03, 2025\]  Nov 10, 2025 ](/blog/announcements/cybersecurity-news-update-week-46-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06, 2026]","description":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/","datePublished":"2026-04-13T16:49:48.000Z","dateModified":"2026-04-13T17:02:21.000Z","dateCreated":"2026-04-13T16:49:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/"},"articleSection":"announcements","keywords":"DKIM, DMARC, email security, News, Security, spf, Updates","wordCount":991,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/04/what-is-dkim-selector-6789.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06, 2026]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06, 2026]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06, 2026]","description":"Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News [April 06.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/","datePublished":"2026-04-13T16:49:48.000Z","dateModified":"2026-04-13T17:02:21.000Z","dateCreated":"2026-04-13T16:49:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2026/"},"articleSection":"announcements","keywords":"DKIM, DMARC, email security, News, Security, spf, Updates","wordCount":991,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/04/what-is-dkim-selector-6789.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```