On the 3rd of January, 2019, Brian Krebs reported a new phone-based phishing scam that apparently spoofs Apple Inc. It is likely to fool quite a few people in a very clever way: the calls are made to look as if they come directly from Apple Support.
More on the report –
The scam starts with an automated call that displays Apple’s logo, its address and its real phone number. The call warns about a data breach at the company.
As Brian mentions, “the scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s ‘recent calls’ list as a previous call from the legitimate Apple Support line.”
Brian also mentioned a user named Jody Westby, who received a call that appeared to come from Apple Support, asking for a call back. The contact information that came along with the number appeared to be Apple Inc.’s. When she called the 866 number, however, something was clearly amiss. This call-back number is the phishing source.
More Insight –
Details on the Jody Westby scam call –
Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Westby said earlier today she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.
Jody said, “An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and 30 seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.
Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.”
As TechCrunch mentions, this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.
Remember: If anyone calls you claiming that your computer is broken they are most probably lying. After all, support people will never be proactive when it comes to problems with your computers, only reactive (if that).