Why iPhone users are the new prime scam targets

iPhone users in the United States and across several European countries are more likely to fall for online scams than Android users, according to new research from Malwarebytes. The survey of 1,300 adults across the United States, United Kingdom, Austria, Germany and Switzerland found that 53% of iPhone users said they had fallen for a scam, compared with 48% of Android users. The data point to patterns of online behavior that extend beyond the device itself, suggesting that awareness and practices, not hardware, drive risk in many cases.

The Malwarebytes findings also paint a clearer picture of how users protect themselves. Only 21% of iPhone owners reported using security software, compared with 29% of Android users. Likewise, 35% of iPhone users said they set unique, strong passwords for their accounts, versus 41% of Android owners. In behavioral terms, 47% of iPhone users accepted a so‑called "best price" deal from shady sellers, compared with 40% of Android users, and 41% of iPhone owners DM’d sellers for discounts on social media, compared with 33% of Android users. The takeaway is straightforward: confident users who rely on built‑in protections without additional safeguards remain at risk, because the threat is rooted in human habits as much as in technology.

What this means for users is that the problem isn’t the iPhone itself but how people use the device online. For years, Apple’s reputation for safety helped shape a belief that iPhones are automatically more secure. The study challenges that notion by underscoring that cybercriminals target vulnerability—how people think and act online—rather than any single brand of phone. At the same time, software patches and updates play a critical role in closing gaps. iPhone updates frequently include security fixes designed to block emerging threats, but they are only effective if users install them promptly and keep apps current.

To reduce exposure, experts advise a layered approach to protection that goes beyond relying on the device. First, pause and verify anything that feels off, especially messages or offers that press for urgency or a quick decision. Second, avoid clicking links or scanning QR codes from unknown senders and instead navigate to a company’s official site directly. Third, install and maintain reputable antivirus or mobile security software across devices to block malicious links and flag phishing attempts. Fourth, keep software up to date with iOS updates and the latest versions of apps, since updates often include important security patches. Fifth, use unique, strong passwords for each account and consider a password manager that can generate and store complex credentials while checking for breaches. Sixth, evaluate the value of personal data‑removal services that help reduce the amount of information available to criminals, while recognizing that such services are not a guaranteed cure. Finally, enable two‑factor authentication on accounts and use a trusted method for receiving verification codes, rather than relying on text messages alone. In addition, avoid sharing personal information for “deals” or promotions and consider using an alias email address for sign‑ups to limit unsolicited contact.

Experts emphasize that these steps matter for all users, regardless of device. While many iPhone users appear less proactive about security tools, Android users are not immune to risk either. The core message is that effective protection comes from ongoing, deliberate online habits and multiple layers of security, not from any single device feature. Apple’s updates do address threats, but they cannot compensate for choices made in everyday online activity. As cybercriminals adapt their methods, users must remain vigilant and adopt best practices to stay ahead of evolving scams.

In sum, the report reinforces a familiar truth in cybersecurity: safe practices near every click matter more than the device you carry. The most effective defense combines up-to-date software, educated online habits, and additional safeguards such as two‑factor authentication and password management. Whether you use an iPhone or an Android device, the user remains the most important link in the security chain.