How to contact Apple if somebody has created an AppleID using an email address of mine.

Before you downvote this question consider that I'm not the first to run into Apple's odd recursive authentication loop.

Frustrated Apple User sums it up as:

So Apple could do nothing and this guy is allowed to use my email as his apple ID as long as he wants and I will receive emails from Apple when he uses his device, etc.

It's an established problem with Apple authorization and authentication. (My account is gmail, but it's basically the same underlying problem.)

While probably not a phishing attack, it certainly could be malicious.

Apple wrote:

Thanks for contacting us. I'm sorry that you weren't able to reset your Apple ID password. I’ll do everything that I can to get your issue resolved. If you haven’t already, you can try resetting your password online at: http://iforgot.apple.com For more information on resetting your security questions, see this page: https://support.apple.com/HT201485 For security reasons, I can't help you access this account via email.

So far as I know my account has been hijacked. I say my account, because it's my e-mail address which is used to login. So far as I know this is some variant of a malicious social engineering attack.

How do I contact Apple by chat?

When I try to contact Apple through Chat I get:

and so cannot proceed with resetting the password.

Notably, signing up for a mailing list has better authentication and authorization.

Or, an e-mail address for Apple would be a good way to enter into a dialogue with them. Do they have an e-mail address? Their e-mail to me came from [email protected] but they've already explained that they won't reset the password via e-mail.

When I try to contact Apple support through their website it goes in a loop where they want my Apple ID and then challenge me with secret questions.

At best it's annoying. At worst it's some sort of attack. This has been going on at least since 2016, we're almost in 2019.

This is the e-mail, or a portion of:

Welcome to iCloud.
Your Apple ID is <me>@gmail.com.
iCloud keeps all your photos and videos, documents, contacts, and more up to date automatically, so you always have access to the latest versions on all your devices. 

Solution 1:

Same issue here, Allan's answer is unhelpful and presumptuous that it is "impossible" for an email address to be tied up to an Apple ID without being verified.

Although it has not been verified, the email address is still unavailable for anyone else (like the actual owner of the address) to use.

Solution 2:

How to contact Apple if somebody has created an AppleID using an email address of mine.

This particular answer is meant to address the qualifier (emphasized) portion of the question.

Unless your email address is not 100% solely in your control, this cannot happen.

Why? Because immediately upon creating an AppleID, you are immediately asked to confirm the account and an email is with with a code only; there are no links to click or addresses to reply to.

To be perfectly clear, an AppleID cannot be created unless someone physically types out the confirmation code in the boxes on Apple's AppleID website.

What this means

If "someone", whether nefarious or innocent intentions, created an AppleID account with your email address they either had:

• access your email account
• access to a trusted device that's no longer in your possession (sold, gifted, or stolen)
• you confirmed the account and forgot about it.

What is Apple going to do?

Nothing, unless you can authenticate with the credentials the account creator provided.

• email address
• Birthday
• Phone Number (required in some countries)
• 3 different security questions with 6 options each as to the question being asked (18 different permutations)

Apple needs to validate who you are before it will even contemplate making a change. The reason for the extra verification credentials is for the simple reason email addresses and phone numbers change; your birthday and the city where your parents met (one of the questions) will not.

So far as I know my account has been hijacked. I say my account, because it's my e-mail address which is used to login. So far as I know this is some variant of a malicious social engineering attack.

It could be your account and equally as likely it's not. We (here on Ask Different) and Apple only have your word that the email is in fact "yours." How do we know that you haven't compromised the legitimate AppleID account owner and you're attempting to hack their credentials? How secure would AppleID be if they allowed anyone to merely claim an email address was theirs and to reset the password?

(It's not an accusation, it's an academic exercise)

I can already hear your argument: It's my email account. Ok, let's look at it from Apple's prospective:

• Given the security process, your email must have been compromised when it was created
• Given that you can't authenticate any other security credential, but claiming you've got access to email means email is potentially compromised now.

From Apple's perspective, it's not their problem.

Solution 3:

I have this situation with a domain we purchased from another person who happened to set up an AppleID account with it before we purchased the domain-—so we now have the same email address but we can't reset the appleID with it alone--but we do get all AppleID related email intended for the previous owner.

I'm not sure how to deal with that problem——but it is an example of this happening without losing control of an email address. Instead, we purchased a domain that expired and had email addresses on it we are re-using, so to speak, that have AppleIDs tied to them.