Scammers are kicking off 2019 with even more devious ways to trick customers out of handing over vital information.
A security website that tracks fraud and scams is warning Apple customers of a recent phishing scam that looks entirely legit on the surface. However, after further investigation by one intended target, the fraud is just another ploy to steal from innocent people.
Here’s the breakdown from Krebs On Security:
“A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.
…she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.”
The intended target, Jody Westby, is the CEO of Global Cyber Risk LLC. She immediately thought something felt off about the random call and contacted Apple directly.
She went to the Apple.com support page and requested a customer support person call her back. The page displayed a case ID to track her issue. A few minutes later, a representative from Apple Inc. called her back and referenced that case ID number at the beginning of the call.
Westby said the Apple agent told her that Apple had not contacted her, that the call was almost certainly a scam, and that Apple would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.
The Krebs on Security website took the investigation a step further and called the number left on Westby’s voicemail.
“KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.
Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.
No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.”
So if you’ve received a call from “Apple support,” don’t fall for the bait. Block the call immediately.
[via Krebs on Security]