Someone trying to hack my Apple password using security questions

I keep these emails everyday, someone is trying to hack my account clearly:

“We were unable to reset the password for your Apple Account (xxx@gmail.com) because there were too many unsuccessful attempts to answer your security questions. To protect the security of your account, you will not be able to reset your password for the next eight hours.”

when I go into my Apple settings I see that I have 2 factor authentication enabled but I don’t see anything related to security questions. (I want to change them)

how exactly are these hackers trying to answer these security questions ? Do I need to be concerned ?

Posted on Dec 21, 2025 6:14 AM

Top-ranking reply

Limnos

Level 10

428,531 points

Posted on Dec 21, 2025 12:34 PM

As I said before, if you are using two factor authentication then there are no security questions. If you set two factor it is impossible to then have security questions.

Bogus from scammers. They don't care if they got things right. They can send out an email to 100,000 people and if even 20 people try to sign into a fake "Apple" web page and reveal their account information, the scammers have won.

Read this document if you think your Apple Account has been compromised. --> If you think your Apple Account has been compromised - Apple Support

For iOS 15 or earlier, if you want to see if anyone else has access to your device or accounts, click here --> Checklist 1: Limit device and account access - Apple Support

For iOS 16 or later see how Safety Check on iPhone works to keep you safe. Safety Check for an iPhone with iOS 16 or later - Apple Support

Use the information in this document to check your Apple ID device list to find where you're signed in --> Check your Apple Account device list to find where you’re signed in - Apple Support

Related materials:

Personal Safety User Guide

Personal Safety User Guide - Apple Support

> open the Table of Contents and review the articles

A document with general information about security and your Apple ID --> Security and your Apple Account - Apple Support

Contact Apple for help with Apple ID account security. This page provides country-specific Apple Support contact information ➞ Contact Apple Support - Apple Support

View in context

40 replies

John Galt

Level 10

155,870 points

Dec 22, 2025 3:50 PM in response to Limnos

So are we to understand your conclusion is that the email is a fake, that it did not come from Apple, and that the OP should delete it as the spam it appears to be?

If so, is that conclusion in accordance with the actions have been proposed?

Limnos

Level 10

428,531 points

Dec 22, 2025 6:35 PM in response to John Galt

My conclusion is the situation as presented is an enigma. I do not have the skill to determine if the email is truly real or fake. I think that the easiest way would be to see if Apple can offer an explanation.

Phil0124

Level 10

217,616 points

Dec 24, 2025 7:14 AM in response to InformedBuyerR

InformedBuyerR wrote:

Bogus from who? The email is from Apple (appleid@id.apple.com), I’ve verified the headers and DKIM signatures. Definitely authentic Apple emails.

the question is how are hackers able to try to access security questions to reset a password when I have 2 factor authentication enabled?

Got to remember to read the whole thread before answering.🤦🏻‍♂️

Still, security questions are not a thing when using Two-Factor authentication. There's no way to access or change them, and it won't ask for them when trying to reset the password for any reason.

Unless this is a glitch with Apple'a servers, it would point to a scam, but since it does not appear to have any nefarious links or phone numbers it's strange to say the least.

There is no way to guarantee it's fake, but considering how two-factor authentication works, it's strange to say the least.

Dec 24, 2025 2:05 PM in response to Phil0124

That’s what I’m trying to point out here. There a glitch or hole in apples servers which is allowing someone I access security questions. Guessing. It could be an old iOS version or some api or some old device that’s still use the security question APIs allows then to bypass the 2 factor auth.

the email is genuine and all links are leading back to Apple.com and the DKIM, SPF and Digital signatures are all valid and authenticated by Apple.

Limnos

Level 10

428,531 points

Dec 21, 2025 7:13 AM in response to InformedBuyerR

Those are probably bogus emails. If you have 2 factor set on your account, security questions no longer exist. Have a read of Two-factor authentication for Apple Account - Apple Support