Hacker allegedly posed as Apple Support to scam user out of $1,500

Posted:
in General Discussion
A Pennsylvania iPhone user claims that her call to Apple Support was intercepted by a hacker who proceeded to remotely install apps and transfer money out of her bank account.

Apple iPhone
Apple iPhone


Donna Francis, of Baden, in Beaver County, western Pennsylvania, says that she initially ignored an incoming call purporting to be from "Xfinity Apple Support." When she later called Xfinity directly, the company had no knowledge of her alleged call, and recommended that she phone Apple. Xfinity does not have an Apple support division.

Francis then says she dialed the support number on Apple's website which she said she got from her packaging from the iPhone. She says that the call was answered by a woman who took down her information, and then was routed through to someone who warned her about hacking attempts.

"He said, 'You don't want to waste any time, people from Russia and China are hacking into your account,'" Francis told Pittsburgh Action News. "He said, 'They've just charged $5,000 to your account."

With that information, the person on the phone persuaded Francis to allow the fraudster to remotely install software onto her iPhone.

"Before I knew it," she continues, "he was opening up my Huntington [bank] account and I said, 'Why are you opening up my Huntington account?' He said, 'This is where I think they're taking money.'"

"He was sending $1,498 -- that's what I had in my account -- to himself," says Francis. "And I said, 'What are you doing? You're supposed to be helping me!'"

Reportedly the person then ended the call and Francis appears to have permanently lost almost $1,500. According to Pittsburgh Action News, the local bank branch manager said it looks to the bank as though she approved and sent the money to this person.

Francis has reported the incident to the bank, the local police, and the FBI. Pittsburgh Action News also contacted the FBI, saying that the number Francis reportedly dialled is the correct Apple Support one, so it must have been intercepted.

"I think that's probably technically possible," an FBI official is reported to have said. "But we aren't seeing any trends of huge incidents of that happening locally or nationally."

How to protect yourself from a similar fraud attempt

The incident is not one where hacking tools were applied directly to the iPhone, nor applied without an interaction by the phone's user. Instead, this attack was executed by a combination of perhaps a cell intercept, paired with a social engineering attack, convincing the user to install the remote access software. The report isn't clear about which remote access software was installed, or how it was done.

In regards to the caller ID information saying that it was some sort of Xfinity Apple Support -- US caller ID information isn't always reliable. It isn't difficult for a fraudster to spoof a caller ID display, for a number that a user doesn't have in their Contacts on an iPhone.

If it were some kind of cell intercept, the FBI's information about not seeing a trend is significant because a scam that nets $1,500 is not worth the cost of any potential intercept hardware.

Assuming Francis separately looked up Xfinity's number rather than tapping on her iPhone's Recents to call back, then Xfinity reporting that they don't have an Apple Support desk should have been the end of the entire matter.

Furthermore, Apple support or security personnel won't ask users to install remote access software, because there is no legitimate reason to do so. Instead, they recommend an Apple Store visit to evaluate the device.

Additionally, Apple support personnel would have no information on any ongoing hack of a user's bank in real-time.

Comments

  • Reply 1 of 12
    What is this iPhone remote control app that the scammers used? I would love to be able to do that to help my mom. I use TeamViewer on the Mac, but wasn’t aware of any similar software for the iPhone.
    right_said_fred
  • Reply 2 of 12
    DAalsethDAalseth Posts: 1,440member
    Something about this story doesn’t add up. 
    watto_cobrapujones1kingofsomewherehotyoyo2222viclauyyc
  • Reply 3 of 12
    M68000M68000 Posts: 322member
    When I think about how scam calls are able to come through with fraudulent and incorrect phone numbers showing up - it makes my blood boil.  These people doing this need to be found and put in jail for a long time.  The telecom companies must find a way to put a stop to this either through hardware or software or a combination of both.   Multi billion dollar telecom companies need to do something NOW.  
    pujones1dysamoriaHank2.0bageljoeyright_said_fredviclauyycwatto_cobra
  • Reply 4 of 12
    Well for one, Apple Support will not call you out of the blue. You need to contact them first. Two, Apple does not use Xfinity at all so that is a very big scam warning right there.
    Three, I don't know of any remote control software for any iPhone. So something doesn't add up in this story and how did that person get all of the banking information to take that money. 
    kingofsomewherehotwatto_cobra
  • Reply 5 of 12
    dysamoriadysamoria Posts: 3,127member
    M68000 said:
    When I think about how scam calls are able to come through with fraudulent and incorrect phone numbers showing up - it makes my blood boil.  These people doing this need to be found and put in jail for a long time.  The telecom companies must find a way to put a stop to this either through hardware or software or a combination of both.   Multi billion dollar telecom companies need to do something NOW.  
    Absolutely. There’s no excuse for this insanity to just be left alone. It’s just more laissez-faire “let the market decide” BS allowing the communications companies to do virtually NOTHING. Then there’s Ajit Pai... Who has replaced him?

    How is it that our lawmakers don’t find this phone situation to be an egregious systemic problem just from their own personal experiences?? Do they not handle their own phones?

    This is part of what makes me feel like my society is just plain insane. We seem to have zero governance over this shit.
    elijahgOferwatto_cobra
  • Reply 6 of 12
    They intercepted the phone call : Nope, probably misdialed the number
    They had the user download an app from the App Store that gives this kind of control over the iPhone: which app would that be?
    They were able to locate which bank and log in without help: unlikely although opening the bank app could trigger a faceId login
    The remote control app was able to launch another app without the users input: current iOS requires this action to be manually approved 

    There’s a lot of pieces of this story that don’t add up and without more detail I’m calling BS.



    yoyo2222viclauyycwatto_cobra
  • Reply 7 of 12
    Extremely skeptical about her story. If people were calling the phone number in the iPhone packaging and getting scammed, it would not be a single incident. It would be thousands of people.
    That being said, it is way too easy for people to get scammed and their bank accounts plundered. There seems to be almost no security surrounding ACH. Apple is one of the worst companies at financial security. It is why their gift cards are so often used by scam artists to steal money from gullible people. Apple allows their gift cards to be purchased by anyone, transferred to anyone else and the funds used by anyone anywhere. There seems to be no tracing of transactions at all.
  • Reply 8 of 12
    I swear, I had ten (10) scam calls yesterday, though that also includes me placing calls in response to scam emails. Anyway, one of them instructed me to go to the iOS App store to download "AnyDesk". You'll see it has very high reviews and also one star warnings that it is employed with scammers. I never downloaded it, though it does look useful. The scammer was upset that I preferred to use Safari on the Mac (to play along with his scam.) But honestly, ten scams just yesterday. I take them all, but never divulging critical information, of course. Often they ask me if they're speaking with "My Name" at "123 Main St", Zip code "12345" etc. So they already have my name and address, and I admit that they've got the right guy. But then they tell me, "all we need is the last four digits of your SS# or CC# just to qualify you." Yea, right.
    macplusplusravnorodomwatto_cobra
  • Reply 9 of 12
    jcs2305jcs2305 Posts: 1,165member
    Wgkrueger said:
    They intercepted the phone call : Nope, probably misdialed the number
    They had the user download an app from the App Store that gives this kind of control over the iPhone: which app would that be?
    They were able to locate which bank and log in without help: unlikely although opening the bank app could trigger a faceId login
    The remote control app was able to launch another app without the users input: current iOS requires this action to be manually approved 

    There’s a lot of pieces of this story that don’t add up and without more detail I’m calling BS.



    I thought the same at first. What are the chances that she mis-dialed the # to the exact # that was used for the scam? Maybe she got the Apple support # from an infected computer that showed a faked website and not the iPhone box as she claimed.

    Years ago I tried to access my chase account and their website redirected me to a site that looked very much like the actual Chase.com website except it was asking me to verify info ( SS#, Name, Address etc.. ) and as I read over and looked at the site I noticed grammatical errors that made it obvious it wasn't the actual Chase. I called Chase and they made me change my user name and password on a machine not connected to my work network and confirmed it was a fraudulent website. I found out later that there was an infected machine on my work network that was the cause of the redirects.

    I agree that things don't add up. I would also like to know what this remote control app was that was somehow loaded on her iPhone?  That is another part of this story that makes me think she may have been on a computer and not her actual iPhone as she claims?

    watto_cobra
  • Reply 10 of 12
    horvatic said:
    Well for one, Apple Support will not call you out of the blue. You need to contact them first. Two, Apple does not use Xfinity at all so that is a very big scam warning right there.
    Three, I don't know of any remote control software for any iPhone. So something doesn't add up in this story and how did that person get all of the banking information to take that money. 
    You should read the article next time.  "Francis then says she dialed the support number on Apple's website which she said she got from her packaging from the iPhone."

    I guess you think all social engineering hacks don't add up either because you just don't believe they can occur.  Because you don't know of any apps that can control the iPhone don't exist, you must think it is fake?  How did the person get the banking information?  Her banking app on the phone was opened up.

    Sad that so many people don't believe in social engineering hacks because it is a phone and not a hard wired computer to be hacked.

    I guess none of you have received phishing emails from various companies trying to dupe people into social engineering hacks.  I guess those must not be true either because you all seem to think they are fake because it did not happen to you.

    Look at all the Apps that Apple removed from the App Store because their screening process failed to identify rogue apps that are designed to steal your information right off your phone.
  • Reply 11 of 12
    I've called apple support to fix an issue I was having with iMessage and they did ask me to install remote access software (from here https://ara-prn.apple.com). It felt sketchy as hell but I did it since I knew I called the right apple support number - they somehow did fix iMessage though and there haven't been any weird transactions in my bank account since then, so my hope is that I didn't get scammed (it'd be nuts if I did since I literally called apple support). 
    watto_cobra
  • Reply 12 of 12
    ClassicGeekClassicGeek Posts: 19unconfirmed, member
    Key here is you called Apple directly and the remote software came from an Apple.com web site. Plus the Apple advisor has to provide you the session key to connect. Plus with any screen sharing with Apple we (Disclose I work for Apple) can’t control your device at all. Only view. 

    fork4k said:
    I've called apple support to fix an issue I was having with iMessage and they did ask me to install remote access software (from here https://ara-prn.apple.com). It felt sketchy as hell but I did it since I knew I called the right apple support number - they somehow did fix iMessage though and there haven't been any weird transactions in my bank account since then, so my hope is that I didn't get scammed (it'd be nuts if I did since I literally called apple support). 

    watto_cobra
Sign In or Register to comment.