Apple Support Scam Takes Further Steps in Appearing Legitimate

Customer support scams have been rampant over the past years and are wildly successful when done right. Scammers impersonate personnel from legitimate companies in the hope of extorting money from unsuspecting users. The security blog KrebsOnSecurity recently reported a new phone-based voice phishing scam focused on Apple users. In August of 2018, we saw an iOS phishing scam targeting iPhone users, so this is obviously not the first Apple support scam reported.

Jody Westby, the CEO of Global Cyber Risk LLC, reported receiving automated calls on her iPhone. Although the call was spoofed, it displayed the Apple logo, Apple's physical and web addresses, and the legitimate phone number. The automated call warned of a data breach affecting Apple in which several Apple IDs had been accessed. It culminated in a message asking her to call 866-277-7794.

Apple spoofed call looks legitimate with Apple’s phone number, street address and Web address

When KrebsOnSecurity called the 1-866 number, the results were somewhat suspicious:

An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call. Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected. No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such).

After receiving the automated call, Westby went to Apple’s customer support webpage and requested a call from a customer support staff member. When she was called, the representative clarified that Apple had not called her, which indicated that the earlier call was a scam. One peculiar thing she noticed later on was that the call from the real Apple had been bunched with the spoofed one. KrebsOnSecurity said:

…it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

The spoofed Apple call (which occurred at 11:44 a.m.) was pooled with the legitimate Apple call

Phone users, whether Apple users or otherwise, are warned to be wary of phone calls from unknown numbers. Scammers are getting smarter and searching for ways to appear as legitimate as possible. Feel free to check out these ways of identifying and avoiding tech support scams.
