New phishing scam masquerades as Apple support call
The latest scam targeting Apple device users is particularly insidious, appearing to come as a call from the company's real phone support number, according to a well-known security researcher.
A phishing call in progress.
Those affected are getting a message from a robodialer claiming their online ID has been compromised, Brian Krebs explained on Friday. Checking the iOS Phone app shows the caller as "Apple Inc." and the number as 1-800-MY-APPLE, just like AppleCare. In fact people who have recently been in contact with the authentic AppleCare will see scam calls listed under the same history.
One person targeted by the scam, Global Cyber Risk CEO Jody Westby, called the "1-866" number mentioned in the message, encountering first an automated system but then a real person, who ultimately placed Westby on hold before disconnecting.
Prior to that call Westby had got in touch with an AppleCare representative, who confirmed that the original call was a fake.
Krebs suggests that that as in most phishing incidents the scammers are likely baiting people into handing over personal details or to get direct payment for bogus services. While blocking the robodialer isn't an option for people who need to talk to Apple, the scam should nevertheless be easy to detect, since Apple doesn't cold-call its support clients and the reply number in the message isn't associated with the company.
A phishing call in progress.
Those affected are getting a message from a robodialer claiming their online ID has been compromised, Brian Krebs explained on Friday. Checking the iOS Phone app shows the caller as "Apple Inc." and the number as 1-800-MY-APPLE, just like AppleCare. In fact people who have recently been in contact with the authentic AppleCare will see scam calls listed under the same history.
One person targeted by the scam, Global Cyber Risk CEO Jody Westby, called the "1-866" number mentioned in the message, encountering first an automated system but then a real person, who ultimately placed Westby on hold before disconnecting.
Prior to that call Westby had got in touch with an AppleCare representative, who confirmed that the original call was a fake.
Krebs suggests that that as in most phishing incidents the scammers are likely baiting people into handing over personal details or to get direct payment for bogus services. While blocking the robodialer isn't an option for people who need to talk to Apple, the scam should nevertheless be easy to detect, since Apple doesn't cold-call its support clients and the reply number in the message isn't associated with the company.
Comments
I happened to search spoofing just a little while ago and found this:
https://docs.fcc.gov/public/attachments/DOC-355848A1.pdf
Some action may be forthcoming, but the document above seems more about clarifying definitions, and asking for further comments.
Apparently, there are legitimate reasons to spoof Caller ID. For example, "domestic violence shelters sometimes alter caller ID information to ensure the safety of their residents." I think law enforcement may do this too. There are already rules that forbid fraudulent use, but they are ignored. Maybe finding some other way to legitimately protect callers without spoofing can be figured out, then the current spoofing technique can be disabled entirely.
I have been getting these same exact calls of people masquerading as "Apple Support" continuously for the last two weeks. I live in the USA. They usually dial from the same out-of-state CallerID 1-2 times and then move to another number. If anyone has ideas on how to stop them, please add to this thread!
This is apples one
I’ve gotten several of these lately. The first few the font was way off. then the font got better. I haven’t really read them, so I’m not sure if they have the same broken English.
😎🇮🇪☘️
This can all be stopped. Congress should fine the Internet Provider or cell Provider a $1 for every call.
It will stop the next day.
they are Complicit with the problem(s).
And, it's not just phone scams -- but consumer / retail organizations who do not adequately protect their customer's data -- but suffer no consequences when it is stolen or misused.
Put a few people in jail for awhile and this stuff would drop off in a hurry.
Cyber-warfare is the new warfare and Cyber-crime is the new crime. It's time we protected the people of our country from these attacks.
Scammers need slightly dim victims. Somebody smart or savvy is bound to smell a rat at some point, and all effort up to then is wasted work.
Weeding the time-wasters out from the start is good business practice for a scammer.
When they asked to provide me with login coordinates to my computer I simply provided them a new VM where they searched around for an hour w/o finding anything. At least they had to waste some time.