Watch out! iPhone users targeted with seemingly legit phishing scam
Phishing scams are fairly common on the internet. An attacker fakes a well-known company's web page and tries to fool an unsuspecting user into giving away their financial or personal details. Just last week, Netflix warned about such scams, and now, it seems Apple iPhone owners are being targeted with a seemingly legit voice call-based phishing attack. Here's all about it.
Fake 'Apple' call warning about server breach
Recently, Jody Westby, the CEO of security firm Global Cyber Risk LLC, was targeted by the phishing scam in question. She received an automated call that appeared to be from Apple and was informed about a server breach. It said multiple servers containing Apple IDs had been compromised and she had to call a specific 1-866 number before doing anything else on her device.
Scarily, the scammer's caller ID seemed official
Prompted by the automated call, Westby visited Apple's support page and requested a callback. After speaking to a real Apple customer support representative, she was sure that the previous call was actually a scam. However, after hanging up, she noticed the worrying part: the fake caller's ID was tied to the legit call from Apple in the 'recent' list of her iPhone.
This could have fooled anybody
For both the real and the fake call, the 'recent' list displayed actual Apple information, including its real address in Cupertino, real support number, and the real website (although without the 's' at the end of 'http'). This could have easily fooled anyone into believing the scam.
Here's what happened when the fake number was called
After the issue was flagged, KrebsOnSecurity called the number given to Westby to delve into the matter. The call was answered by an automated system that claimed to be 'Apple Support'. The call was then transferred to a man, who asked the reason for the call and hung up soon after he was told about the fake 'breach and Apple ID issue'.
Clearly, the goal was to steal money
Though the person answering the call hung up, the entire system appears to be designed to trick users into paying for 'Apple' tech support. The unwary user would think they are paying Apple for its support services, but the scammer would take away the money as well as financial and personal information. So, watch out and don't fall for something like this.
Never share your details online or on a call!
To avoid such scams, never share your personal or financial details with anyone, not even to pay for a seemingly legit service. Keep this as a rule of thumb and visit only official sites for any kind of product-related service you may need.