Labour market expert Prof Brian Bell has called for better pay and conditions in key sectors, particularly social care
Rachel Reeves has appointed a labour market expert who has repeatedly called for better pay and conditions in key sectors, such as social care, to reduce the UK’s reliance on migrant workers as her new chief economic adviser.
Prof Brian Bell, who chairs the independent Migration Advisory Committee (MAC), which advises the government, has been announced as the new chief economic adviser in the Treasury – a senior civil service role.
Unions accuse government of acting in bad faith after Wes Streeting announces details of increase
Health unions have criticised the 3.3% pay rise imposed on 1.4 million NHS staff in England as “an insult”, with one threatening to strike over the below-inflation award.
They described the increase announced by Wes Streeting, the health secretary, as a “betrayal” of the frontline workers – including nurses, midwives and porters – who will receive it for 2026-27. The 3.3% is less than inflation, which stood at 3.4% last month, but above the rate of inflation that is expected during the next financial year.
It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target’s stomach drop.
The message claimed Apple has stopped a high‑value Apple Pay charge at an Apple Store, complete with a case ID, timestamp, and a warning that the account could be at risk if the target doesn’t respond.
In some cases, there was even an “appointment” booked on their behalf to “review fraudulent activity,” plus a phone number they should call immediately if the time didn’t work. Nothing in the email screams amateur. The display name appears to be Apple, the formatting closely matches real receipts, and the language hits all the right anxiety buttons.
The email warns recipients not to Apple Pay until they’ve spoken to “Apple Billing & Fraud Prevention,” and it provides a phone number to call.
After dialing the number, an agent introduces himself as part of Apple’s fraud department and asks for details such as Apple ID verification codes or payment information.
The conversation is carefully scripted to establish trust. The agent explains that criminals attempted to use Apple Pay in a physical Apple Store and that the system “partially blocked” the transaction. To “fully secure” the account, he says, some details need to be verified.
The call starts with harmless‑sounding checks: your name, the last four digits of your phone number, what Apple devices you own, and so on.
Next comes a request to confirm the Apple ID email address. While the victim is looking it up, a real-looking Apple ID verification code arrives by text message.
The agent asks for this code, claiming it’s needed to confirm they’re speaking to the rightful account owner. In reality, the scammer is logging into the account in real time and using the code to bypass two-factor authentication.
Once the account is “confirmed,” the agent walks the victim through checking their bank and Apple Pay cards. They ask questions about bank accounts and suggest “temporarily securing” payment methods so criminals can’t exploit them while the “Apple team” investigates.
The entire support process is designed to steal login codes and payment data. At scale, campaigns like this work because Apple’s brand carries enormous trust, Apple Pay involves real money, and users have been trained to treat fraud alerts as urgent and to cooperate with “support” when they’re scared.
One example submitted to Malwarebytes Scam Guard showed an email claiming an Apple Gift Card purchase for $279.99 and urging the recipient to call a support number (1-812-955-6285).
Another user submitted a screenshot showing a fake “Invoice Receipt – Paid” styled to look like an Apple Store receipt for a 2025 MacBook Air 13-inch laptop with M4 chip priced at $1,157.07 and a phone number (1-805-476-8382) to call about this “unauthorized transaction.”
What you should know
Apple doesn’t set up fraud appointments through email. The company also doesn’t ask users to fix billing problems by calling numbers in unsolicited messages.
Closely inspect the sender’s address. In these cases, the email doesn’t come from an official Apple domain, even if the display name makes it seem legitimate.
Never share two-factor authentication (2FA) codes, SMS codes, or passwords with anyone, even if they claim to be from Apple.
Ignore unsolicited messages urging you to take immediate action. Always think and verify before you engage. Talk to someone you trust if you’re not sure.
Malwarebytes Scam Guard helped several users identify this type of scam. For those without a subscription, you can use Scam Guard in ChatGPT.
If you’ve already engaged with these Apple Pay scammers, it is important to:
Change the Apple ID password immediately from Settings or appleid.apple.com, not from any link provided by email or SMS.
Check active sessions, sign out of all devices, then sign back in only on devices you recognize and control.
Rotate your Apple ID password again if you see any new login alerts, and confirm 2FA is still enabled. If not, turn it on.
In Wallet, check every card for unfamiliar Apple Pay transactions and recent in-store or online charges. Monitor bank and credit card statements closely for the next few weeks and dispute any unknown transactions immediately.
Check if the primary email account tied to your Apple ID is yours, since control of that email can be used to take over accounts.
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!
Update – October 30, 2025:New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported a total of 10.5 million affected US residents. Additional notices listed 4 million in Texas, 76,000 in Washington, and several hundred in Maine.
Even if you’ve never heard of Conduent, you could be one of the many people caught up in its recent data breach. Conduent provides technology services to several US state governments, including Medicaid, child support, and food programs, with the company stating that it “supports approximately 100 million US residents across various government health programs, helping state and federal agencies.”
“On January 13, 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network.”
An investigation found that an unauthorized third party had access to its systems from October 21, 2024, until the intrusion was stopped on discovery.
Breach notification letters will be sent to affected individuals, detailing what personal information was exposed. According to The Record, Conduent said more than 400,000 people in Texas were impacted, with data including Social Security numbers, medical information and health insurance details. Another 76,000 people in Washington, 48,000 in South Carolina, 10,000 in New Hampshire and 378 in Maine were also affected. Conduent has filed additional breach notices in Oregon, Massachusetts, California, and New Hampshire.
The stolen data sets may include:
Names
Social Security numbers
Dates of birth
Medical information
Health insurance details
If all of those apply, it’s certainly enough for criminals to commit identity theft.
SafePay, which emerged in late 2024, threatened to publish or sell stolen data if its demands weren’t met, claiming to have exfiltrated a staggering 8.5 terabytes of files from Conduent’s systems. Though relatively new on the scene, SafePay has quickly built a reputation for large-scale extortion targeting high-profile clients globally.
Breaches like this reinforce the need for robust cybersecurity and incident response in the public sector. For the potentially millions of people affected, stay alert to fraud and identity theft.
Protecting yourself after a data breach
If you think you’ve been the victim of this or any other data breach, here are steps you can take to protect yourself:
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice it offers.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the company’s website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card details. It’s definitely more convenient to let sites remember your card details, but we highly recommend not storing that information on websites.
Login
