Stay alert, Apple users! While phishing scams designed to steal personal information from Apple users are nothing new, the scammers are growing more sophisticated and are harder than ever to detect.
On his Krebs on Security site, security researcher Brian Krebs today outlined one of the latest phishing scams he’s seen, where an incoming phone call appears to be from a legitimate Apple support line.
As described by Krebs, Jody Westby, CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone warning her that services containing Apple user IDs had been compromised.
The message instructed her to call a 1-866 number, and in her iPhone’s “Phone” app, the call appeared to have come from Apple.
When Westby contacted the real Apple Support via Apple’s Support page, asking an employee to call her, she was assured the call was not legitimate. However, when she looked at her recent call list, the call from genuine Apple Support had been lumped in with the fake call.
The scammers had spoofed Apple’s phone number so well that the iPhone couldn’t tell the difference!
“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”
Krebs called the spoofed Apple Support phone number, and an automated answering system told him he had reached Apple Support and asked him to hold. In a minute or so, a real person (the scammer) came on the line and asked about the reason for his call.
“Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.”
Krebs believes scammers are trying to steal personal and financial information from Apple users to get payment for fake tech support.
If you’re faced with a call like this, disconnect the call and contact genuine Apple Support via their actual support site. Apple does not call their users like this, so these calls are always likely to be fake. Apple offers information on how to avoid fake support calls and phishing emails on their support site.