Apple iCloud MetaMask Seed Phrase Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: CRITICAL | View Full Scam Details

Beware the Apple iCloud MetaMask Seed Phrase Scam in India, 2026: How Cybercriminals Steal Your Crypto and Data

A new phishing scam targeting iOS users in India tricks victims into giving away their Apple iCloud and MetaMask crypto wallet secrets — risking severe financial loss and identity theft.

What Is the Apple iCloud MetaMask Seed Phrase Scam?

The Apple iCloud MetaMask Seed Phrase Scam is a critical cybercrime trend reported in India during 2026, mainly targeting individuals who use Apple devices and cryptocurrency wallets like MetaMask. Fraudsters pose as Apple Support representatives, using phishing emails, calls, or messages on WhatsApp to create urgency by falsely claiming that the victim’s iCloud account has been compromised. The scam specifically aims to extract the victim’s MetaMask seed phrase — a secret key that controls access to digital assets on the blockchain.

In India, where smartphone use and interest in cryptocurrencies are surging, this scam has been reported across multiple states, especially among users seeking assistance for iCloud account recovery or crypto wallet security. Social media platforms and messaging apps serve as hunting grounds, as scammers monitor conversations about crypto to identify potential victims. While official advisories from RBI or CERT-In have not singled out this exact scam yet, they broadly warn about the rising threat of phishing and social engineering attacks involving iCloud and crypto platforms. The Indian Cyber Crime Coordination Centre (I4C) recommends vigilance around unsolicited support calls and unknown links claiming to be from tech giants like Apple.

How This Scam Works — Step by Step

1. Initial Contact: The scam starts with the victim receiving an unsolicited email, WhatsApp message, or phone call from a person claiming to be Apple Support. The caller may already know some personal details, gathered from social media profiles, making their story seem genuine.

2. Creating Urgency: The scammer states that the victim’s iCloud account has been breached or is at risk due to suspicious activity. They warn that unauthorized access could lead to permanent loss of data or funds held in connected wallets like MetaMask.

3. Phishing and Social Engineering: The victim is asked to verify their identity by sharing OTPs sent to their phone or to login through a fake Apple login page. Scammers might also ask the victim to share their MetaMask seed phrase "to restore wallet access" or "secure it from hackers."

4. Stealing Access: Once the victim shares the seed phrase and OTPs, the scammers gain full control over the victim’s MetaMask wallet and iCloud account.

5. Draining Funds: With control of the crypto wallet, scammers transfer out cryptocurrencies — often converting to less traceable assets. At the same time, they may use iCloud access to steal personal data or reset passwords on other financial or social accounts.

6. Covering Tracks: Victims realize the theft only after noticing missing funds or strange activity. Often, by then, reversing UPI transactions or recovering crypto assets is nearly impossible due to the decentralized blockchain structure.

Real Warning Signs to Watch For

• Calls or messages pressuring you to act immediately to "secure" your iCloud or crypto wallet
• Requests for your MetaMask seed phrase under any pretext (legitimate support never asks for this)
• Links or login pages that do not come from official Apple domains (check URL carefully)
• Unexpected OTP requests, especially if linked to suspicious calls or messages
• Scammers using partial personal info to build trust—check if the information matches your online presence or seems overfamiliar
• Demands to download remote access apps or software for your iPhone or Mac
• Receiving warnings or requests outside of your usual interactions with Apple or MetaMask

What Happens to Victims

Victims often suffer severe financial loss, especially if they hold significant cryptocurrency in their MetaMask wallets. Unlike UPI or bank transactions, cryptocurrency transfers are irreversible once confirmed on the blockchain, making recovery nearly impossible. In some cases, scammers use iCloud access to exploit Aadhaar-linked apps or services by stealing identity data and SIM swapping the victim’s phone number, leading to further fraud.

Emotionally, victims face immense stress and loss of trust in digital services, compounded by the difficulty navigating grievance redressal. In India, many affected individuals report challenges filing complaints due to lack of awareness, especially when assets vanish virtually overnight.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) repeatedly emphasizes awareness regarding phishing and social engineering attacks, advising users to never share OTPs or confidential details. CERT-In’s advisory framework highlights the rise in cyber incidents involving fake support calls and phishing targeting cloud storage and crypto users.

The Ministry of Home Affairs has set up the Indian Cyber Crime Coordination Centre (I4C), which runs the national cybercrime helpline at 1930. This helpline supports victims of such fraud, enabling prompt reporting and coordination with authorities.

Users are recommended to follow RBI’s guidelines on secure digital payments and CERT-In’s advisories on handling phishing attempts. Additionally, the meta-regulatory framework in India mandates telecom service providers to verify SIM swap requests thoroughly, but users should remain cautious and report suspicious activity immediately.

How to Protect Yourself

1. Never share your MetaMask seed phrase with anyone — no official support will ever ask for this.
2. Ignore unsolicited calls or messages claiming to be Apple Support demanding immediate action.
3. Always access Apple or MetaMask accounts directly through official apps or websites, not via links sent in messages.
4. Verify caller identity independently — call Apple Support using official contact numbers listed on their website.
5. Do not share OTPs or passwords with anyone over the phone or email, even if they claim to be from a trusted source.
6. Use strong, unique passwords and enable two-factor authentication (2FA) wherever possible on your Apple and crypto accounts.
7. Regularly check your accounts for unusual activity and immediately report any unauthorized access to your crypto wallet provider and Apple Support.

What to Do If You've Been Targeted

• Immediately disconnect your device from the internet and change passwords for your Apple ID and related accounts from a secure device.
• Freeze or lock your MetaMask wallet if possible by transferring funds to a new wallet with a new seed phrase.
• Report the incident to your local police cybercrime cell and file a complaint on the official portal cybercrime.gov.in.
• Call the national cybercrime helpline at 1930 for guidance and assistance.
• Contact your mobile service provider to ensure your SIM is secure and to prevent or reverse unauthorized SIM swaps.
• Inform your bank if you notice any suspicious UPI or bank transaction activity and follow their process for dispute resolution.

Frequently Asked Questions

Q: Can Apple Support ever ask for my MetaMask seed phrase or OTP?
A: No. Apple Support will never ask for your crypto wallet seed phrase or OTP. Any request for such information over calls or messages is almost certainly a scam.

Q: How can I distinguish a real Apple Support call from a scammer?
A: Genuine Apple Support usually does not call unsolicited or pressure you for sensitive data. Always end suspicious calls and contact Apple directly through official numbers or the Apple Support app.

Q: Is it possible to recover lost cryptocurrency after sharing my MetaMask seed phrase?
A: Unfortunately, cryptocurrency transactions are irreversible on the blockchain. Once scammers transfer your crypto, recovery is very difficult — prevention is critical.

Suspicious about a call or message? Verify any Apple or wallet-related communication at BharatSecure.app and report fraud quickly via the national helpline 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.