New phishing scam masquerades as Apple support call

The latest scam targeting Apple device users is particularly insidious, appearing to come as a call from the company's real phone support number, according to a well-known security researcher.

A phishing call in progress.

Those affected are getting a message from a robodialer claiming their online ID has been compromised, Brian Krebs explained on Friday. Checking the iOS Phone app shows the caller as "Apple Inc." and the number as 1-800-MY-APPLE, just like AppleCare. In fact, people who have recently been in contact with the authentic AppleCare will see scam calls listed under the same history.

One person targeted by the scam, Global Cyber Risk CEO Jody Westby, called the "1-866" number mentioned in the message, encountering first an automated system but then a real person, who ultimately placed Westby on hold before disconnecting.

Prior to that call Westby had got in touch with an AppleCare representative, who confirmed that the original call was a fake.

Krebs suggests that, as in most phishing incidents, the scammers are likely baiting people into handing over personal details or making direct payments for bogus services. While blocking the robodialer isn't an option for people who need to talk to Apple, the scam should nevertheless be easy to detect, since Apple doesn't cold-call its support clients and the reply number in the message isn't associated with the company.

Comments

  • Reply 1 of 19
    wood1208 Posts: 1,990 member
    Scammers have been using caller ID number manipulation for a long time. In the past, I have received (fake) calls with the ID/number displayed as coming from the IRS, Homeland Security, Immigration, the town police department, and my own phone number displayed as me calling me.
    edited January 4
  • Reply 2 of 19
    I received a phishing email from a seemingly authentic looking domain:



    The phishing link uses some URL shortening / redirecting service so it still appears as https.  Kinda clever.

    Didn't do a good job with the language but I hear that is on purpose.

  • Reply 3 of 19
    urashid said:
    Didn't do a good job with the language but I hear that is on purpose.

    Really? That's the thing that is an instant tip-off.
  • Reply 4 of 19
    My 92 year old dad was getting a ton of calls with "Apple, Inc" in caller ID the day after Christmas. He has no Apple devices whatsoever, so it was an obvious scam.

    I happened to search spoofing just a little while ago and found this:
    https://docs.fcc.gov/public/attachments/DOC-355848A1.pdf

    Some action may be forthcoming, but the document above seems more about clarifying definitions, and asking for further comments.

    Apparently, there are legitimate reasons to spoof Caller ID. For example, "domestic violence shelters sometimes alter caller ID information to ensure the safety of their residents." I think law enforcement may do this too. There are already rules that forbid fraudulent use, but they are ignored. Maybe finding some other way to legitimately protect callers without spoofing can be figured out, then the current spoofing technique can be disabled entirely.
    edited January 4
  • Reply 5 of 19
    MplsP Posts: 1,575 member
    Caller ID spoofing is getting to be a major problem - it's time they actually come up with a better system that prevents it.
  • Reply 6 of 19
    I get spoof emails from fraudsters posing as eBay or PayPal. They have a dedicated spoof email address you can report these idiots to ([email protected], [email protected]). Does a similar address exist for Apple? That would be helpful. Perhaps we can crowdsource these guys into oblivion.
    edited January 4
  • Reply 7 of 19
    M68000 Posts: 87 member
    So, this is another example of why a massive response from the Telecom industries around the world, along with phone manufacturers if needed and the FCC in the United States need to work together to eliminate this kind of thing. The criminals are laughing and making a mockery of the phone systems. I get numerous BS calls that I've won Marriott and Wyndham hotel stays and other kinds of fraud calls. Why isn't something being done about this at the telecom level? If new chipsets need to be designed for cellphones to prevent this kind of thing then it needs to happen and be phased in over time. I think the FCC should make this priority ONE in the United States and other governments around the world should get involved. Our cellphones are computers of course - it's time for some new code and chipsets and work from the telecom industry to put a stop to this nonsense once and for all.
  • Reply 8 of 19
    sflocal Posts: 4,685 member
    M68000 said:
    So, this is another example of why a massive response from the Telecom industries around the world, along with phone manufacturers if needed and the FCC in the United States need to work together to eliminate this kind of thing. The criminals are laughing and making a mockery of the phone systems. I get numerous BS calls that I've won Marriott and Wyndham hotel stays and other kinds of fraud calls. Why isn't something being done about this at the telecom level? If new chipsets need to be designed for cellphones to prevent this kind of thing then it needs to happen and be phased in over time. I think the FCC should make this priority ONE in the United States and other governments around the world should get involved. Our cellphones are computers of course - it's time for some new code and chipsets and work from the telecom industry to put a stop to this nonsense once and for all.
    I've read recent articles that the telcos have finally been given the mandate to deal with this.  Apparently they are close to a way to determine the true origin of a phone call, and verify it with the number that is being displayed and put an end to it.  That will really drop a hammer, especially to countries like India and Pakistan where many of these cursed calls come from.

    It can't come soon enough. 
  • Reply 9 of 19
    bonobob Posts: 189 member
    sflocal said:
    M68000 said:
    So, this is another example of why a massive response from the Telecom industries around the world, along with phone manufacturers if needed and the FCC in the United States need to work together to eliminate this kind of thing. The criminals are laughing and making a mockery of the phone systems. I get numerous BS calls that I've won Marriott and Wyndham hotel stays and other kinds of fraud calls. Why isn't something being done about this at the telecom level? If new chipsets need to be designed for cellphones to prevent this kind of thing then it needs to happen and be phased in over time. I think the FCC should make this priority ONE in the United States and other governments around the world should get involved. Our cellphones are computers of course - it's time for some new code and chipsets and work from the telecom industry to put a stop to this nonsense once and for all.
    I've read recent articles that the telcos have finally been given the mandate to deal with this.  Apparently they are close to a way to determine the true origin of a phone call, and verify it with the number that is being displayed and put an end to it.  That will really drop a hammer, especially to countries like India and Pakistan where many of these cursed calls come from.

    It can't come soon enough. 
    The phone companies have known how to determine the true origin of a call for decades. How do you think they bill the right customer for long distance?
  • Reply 10 of 19
    clexman Posts: 149 member
    They've called my wife several times with the scheme. I thought no one would ever fall for it, but then a very gullible coworker of mine took the bait. Fed the scammers all their info. The scammers deleted everything backed up on their iCloud account. Who knows how much personal info they got their hands on.
  • Reply 11 of 19
    ttrq Posts: 5 member
    Hi,

    I have been getting these same exact calls of people masquerading as "Apple Support" continuously for the last two weeks.  I live in the USA.  They usually dial from the same out-of-state CallerID 1-2 times and then move to another number.  If anyone has ideas on how to stop them, please add to this thread! 

      
  • Reply 12 of 19
    racerhomie3 Posts: 1,152 member
    I get spoof emails from fraudsters posing as eBay or PayPal. They have a dedicated spoof email address you can report these idiots to ([email protected], [email protected]). Does a similar address exist for Apple? That would be helpful. Perhaps we can crowdsource these guys into oblivion.
    [email protected]

    This is Apple's one
  • Reply 13 of 19
    cornchip Posts: 1,365 member
    urashid said:
    I received a phishing email from a seemingly authentic looking domain:



    The phishing link uses some URL shortening / redirecting service so it still appears as https.  Kinda clever.

    Didn't do a good job with the language but I hear that is on purpose.


    I’ve gotten several of these lately. The first few the font was way off. Then the font got better. I haven’t really read them, so I’m not sure if they have the same broken English.
  • Reply 14 of 19
    I get spoof emails from fraudsters posing as eBay or PayPal. They have a dedicated spoof email address you can report these idiots to ([email protected], [email protected]). Does a similar address exist for Apple? That would be helpful. Perhaps we can crowdsource these guys into oblivion.
    This article https://support.apple.com/en-us/HT204759 gives this address for reporting: [email protected] 

    😎🇮🇪☘️ 
  • Reply 15 of 19
    TomE Posts: 143 member
    I love getting those calls from the Windows Help Desk wanting to help me with my computer (a Mac).
    This can all be stopped. Congress should fine the Internet provider or cell provider $1 for every call.
    It will stop the next day.
    They are complicit with the problem(s).
  • Reply 16 of 19
    GeorgeBMac Posts: 4,961 member
    If I had a choice between legislation to build a couple more aircraft carriers or a wall, I would choose legislation protecting U.S. citizens from frauds such as these calls.   Currently, these people function in a no-lose situation:  if the scam works they win, if it doesn't they lose nothing.

    And, it's not just phone scams -- but consumer / retail organizations who do not adequately protect their customers' data -- but suffer no consequences when it is stolen or misused.

    Put a few people in jail for awhile and this stuff would drop off in a hurry.

    Cyber-warfare is the new warfare and Cyber-crime is the new crime.   It's time we protected the people of our country from these attacks.
  • Reply 17 of 19
    spheric Posts: 1,780 member
    urashid said:
    Didn't do a good job with the language but I hear that is on purpose.

    Really? That's the thing that is an instant tip-off.
    Yes, which is exactly the point: 

    Scammers need slightly dim victims. Somebody smart or savvy is bound to smell a rat at some point, and all effort up to then is wasted work. 

    Weeding the time-wasters out from the start is good business practice for a scammer. 
  • Reply 18 of 19
    I got this call just before Christmas. I realized that it wasn’t Apple that called since they failed to explain how the ‘hackers’ worked around the 2 factor auth. Satisfactory...
    When they asked to provide me with login coordinates to my computer I simply provided them a new VM where they searched around for an hour w/o finding anything. At least they had to waste some time.
  • Reply 19 of 19
    pianofingers88 Posts: 1 unconfirmed, member
    This is totally annoying - I have gotten close to a dozen calls within the last couple of days claiming to be from Apple Support (all going to my voicemail) - and they don't even leave a complete message! Any way we can get rid of this menace to society?? Grrrrrr........