It seems scammers are geared up to target Apple users. Within a month of a previous issue, we hear of another massive campaign targeting iPhone users. But this time, it is not a malware campaign restricted to a region, rather, it is a massive iOS phishing scam that is exploiting iCloud email addresses to bluff iPhone users.
iOS Phishing Scam Bluffs For ‘Apple Care’
Researchers from Ars Technica have unveiled another online scam targeting iPhone users. This time, it is an iOS phishing scam against iCloud email addresses that prompts the users to use fake ‘Apple Care’. The text appearing in these phishing emails appear similar to that of legit emails from Apple. Hence, the users become confused and click on the given link. As disclosed by the researcher, the text reads,
“Sign-in attempt was blocked for your account [email address]. Someone just used your password to try to sign in to your profile.”
By clicking on the ‘CHECK ACTIVITY’ button appearing below the text, the user is redirected to a fake Indian website, that again redirects to a fake support website that initiates a call. The researcher called the line and got a chance to speak to ‘Lance Roger’ from (fake) Apple Care, who then dropped the call after suspecting the researcher.
Another Massive Online Scam – Like Macpatchers Maybe?
While reporting about the news, LHN became curious to dig out some more facts for our readers. We first attempted to find out the website highlighted by the Ars Technica, “applesecurityrisks.xyz”. Though they shared a screenshot of the live website labeled ‘dangerous’ by Google, we could not locate it online. (Maybe the site was removed by then).
After failing to find out the scam website, we began searching for the support number “+1-888-776-6999”. Google showed up some interesting results, as we could see numerous websites associated with this phone number, along with some scam reports.
With this, we suspected a massive scam, similar to what we reported previously for Macpatchers. Hence, we did a quick ‘whois’ of these websites. Though Printerblogs.com has been offline since July 20, 2018, we were able to retrieve some information from the other website CybertechUSA.online.
This domain was found registered by some ‘iTech Solutions’ in Haryana, India. Interestingly, this domain was registered on July 21, 2018. This finding seconds the Ars Technica’s report regarding the Indian origin of this scam.
We are trying to find out more details about the scam. Meanwhile, we request all our readers to stay wary of such fake tech support schemes. You must also remain careful from phishing emails, and ensure that you do not click any links from untrusted sources.
Have you been affected by this scam? Let us know in the comments section.
