Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 4, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Phishing scams attempting to get info out of Apple users are nothing new, but scammers are growing more clever and scams are getting harder to distinguish from actual Apple communication.

    On his Krebs on Security site, security researcher Brian Krebs today outlined one of the latest phishing scams he's seen, where an incoming phone call appears to be from a legitimate Apple support line.

    As described by Krebs, Jody Westby, CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone warning her that services containing Apple user IDs had been compromised.

    The message asked her to call a 1-866 number, and in the Phone app, the call looked like a call from Apple, with the number listed as 1(800)MYAPPLE, the name listed as Apple Inc., and with Apple's Infinite Loop website.

    Westby contacted Apple support via the official Apple Support page and asked for an employee to contact her. She was assured that the call was not legitimate, but when looking in her recent calls list, she saw that the real support call had been lumped in with the fake call.

    Original scam call info on the left, with scam call info lumped in with actual Apple support call on right.​

    The scammers spoofed Apple's phone number and the iPhone was unable to distinguish between the real and fake calls, making it look like Westby had, in fact, been contacted by Apple multiple times, when that was not the case. Westby told Krebs that this is a convincing scam that people may fall for.

    Krebs went ahead and called the number that the scammers had asked Westby to call, where an automated system claimed he had reached Apple Support. A minute later, a person came on the line and asked about the reason for the call. Krebs responded that he was told to call about a breach at Apple, was placed on hold, and the call disconnected with no resolution.

    A similar report hit Twitter this morning from Fantastical developer Michael Simmons, who says he received a scam phone call that also spoofed Apple's number.


    Krebs believes scammers are aiming to obtain personal and financial details from Apple users to get payment, perhaps for tech support services. As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple.

    With these kinds of phone-based scams, it's a good idea to disconnect the call and get in touch with Apple via the actual support site to avoid being fooled. Apple support does not cold call users in this manner, so these calls are almost always fake, but scammers are skilled social engineers and people do fall for these scams.

    Apple has a dedicated support page with information on how to avoid fake support calls, phishing emails, and other scam techniques that malicious individuals employ to extract information from Apple users.

    Article Link: Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers
     
  2. ravenstar macrumors regular

    Joined:
    Jan 12, 2005
    #2
    Why is it surprising that a phone can't tell the difference between caller ID information that's fake and caller ID information that's legitimate? It's indeed troubling that caller ID spoofing is so common, but this is common to all phones that display caller ID information and is something the carriers need to resolve.
     
  3. Shiro_Simba Suspended

    Shiro_Simba

    Joined:
    Sep 28, 2018
    Location:
    London
    #3
    That’s the problem when you get popular!

    Though, Apple is the best for security, so I will not be leaving them any time soon
     
  4. centauratlas macrumors 65816

    centauratlas

    Joined:
    Jan 29, 2003
    Location:
    Florida
    #4
    Incorporating built-in call spoofing protection and the ability to block unknown callers would go a long way to help.

    Getting rid of SS7 as the back end and going end-to-end encrypted and verified will be the long term solution to stopping this. That would have the added benefit of preventing all kinds of espionage and eavesdropping on everyone's phone calls.
     
  5. Enclavean macrumors regular

    Enclavean

    Joined:
    Jun 14, 2018
    #5
    Jesus, that would probably have fooled me all the way until they asked for passwords/credit card
     
  6. itsmilo macrumors 68020

    itsmilo

    Joined:
    Sep 15, 2016
    Location:
    Europe
    #6
    Is the whole scam calling stuff a US thing? I don’t think I ever had a call I did not know who it was on my phone. Two days in Miami with a local prepaid SIM and I got random calls from Cuba DAILY
     
  7. Ankou_Sabat, Jan 4, 2019
    Last edited: Jan 4, 2019

    Ankou_Sabat macrumors regular

    Ankou_Sabat

    Joined:
    Nov 17, 2015
    #7
    These fake/spoofed caller ID calls and robo calls would end tomorrow if they would fine the carriers; AT&T, Verizon, Sprint, et al. for facilitating the transfer. The day after that gets announced, you'll see how fast those guys fix and end this garbage once and for all.
     
  8. kazmac macrumors 604

    kazmac

    Joined:
    Mar 24, 2010
    Location:
    On the silver scream
    #8
    Yes, I got one of those “your iCloud account has been breached” calls last Sunday. Hung up on it. I do not use iCloud.

    I immediately reported that call to Apple.

    They try every so often, but I know the only way I get a call from Apple support is if I call in first with an issue.
     
  9. riverfreak macrumors 65816

    riverfreak

    Joined:
    Jan 10, 2005
    Location:
    Thonglor, Bangkok
    #9
    I’ve never understood why there isn’t a simple whitelist function. I don’t want ANYONE outside of my contacts sending me email or texts, or calling me. Is it too much to ask to block people you don’t know from contacting you?
     
  10. AngerDanger macrumors 601

    AngerDanger

    Joined:
    Dec 9, 2008
    #10
    You could really mess with phishers by saying, "I'm kinda busy, so lemme call you back in a little while. I'll just look up the Apple support number online… unless there's some reason I can't just use Apple's official site to contact you."
     
  11. StandingGoose macrumors newbie

    Joined:
    Mar 24, 2017
    #11
    Settings -> Do Not Disturb -> Allow Calls From -> {Everyone, No One, Favorites, All Contacts, ...}
     
  12. Ankou_Sabat macrumors regular

    Ankou_Sabat

    Joined:
    Nov 17, 2015
    #12
    Whitelisting/blacklisting doesn't do anything to stop these calls because it's based on caller ID which is often faked. I've been called by robo/scammers with my *own* phone number as the caller ID. There is no reason that at the absolute very least the carriers cannot weed out most if not all of these by checking against their own pool of phone numbers against the caller ID before the transfer is even made.
     
  13. Pirate515 macrumors regular

    Joined:
    Oct 18, 2011
    #13
    I don't think any phones are designed to look at incoming calls at a deeper level, which is why there is the flood of robocalls in general in the first place. So until a system gets implemented that will be able to compare to ensure that the number shown on Caller ID is in fact the number where the call is coming from, these sorts of things will unfortunately persist.

    The funny thing with this particular scam is that the con artists behind it rely on you actually answering the phone. Given that they are spoofing the legit AppleCare number, if you do not pick up when they call you and call back later instead, you will in fact get the real AppleCare and they are SOL. The main thing to be on the lookout for just like with "Windows Tech Support" scams is that AppleCare will not call you out of the blue unless you have an existing case open with them, and if that be the case, they will greet you by your name and not be some generic phrase (e.g. Dear Customer). And if you are in doubt about whether you are talking to a real Apple rep or not, you can always hang up and call back the number listed on Apple's website.
     
  14. Superhai macrumors 6502

    Superhai

    Joined:
    Apr 21, 2010
    #14
    It is worldwide, but I think the US is more targeted as there are more people living there and as such the chance of success is higher. There is also a language thing. I lived in India some years ago and it was endemic, but the callers only spoke in Hindi, which I don't speak so I did not understand what was said.
     
  15. Doomtomb macrumors 6502

    Doomtomb

    Joined:
    Jul 14, 2011
    Location:
    Austin, TX
    #15
    Question is, how does the scammer know the number they are calling is an iPhone?
     
  16. Porco macrumors 68030

    Porco

    Joined:
    Mar 28, 2005
    #16
    I think it's sensible advice (to both follow and give to others) to just not answer or engage with any incoming calls from anyone - shops, banks, service providers, anyone. Any that are genuine will not (or certainly should not) mind you calling them independently to ask if there is anything they need to know or ask.
     
  17. oldmanwinter macrumors newbie

    Joined:
    Sep 19, 2003
    #17
    Call spoofing needs to be stopped. The cons far outweigh the pros. Do something Congress, FCC, Apple, someone!
    --- Post Merged, Jan 4, 2019 ---
    They don't care. They can make calls in the millions. They're bound to hit a good percentage of iPhones.
     
  18. jonblatho macrumors 6502a

    jonblatho

    Joined:
    Jan 20, 2014
    Location:
    Missouri
    #18
    Which is, of course, exactly why it'll never happen.
     
  19. Allpaul macrumors newbie

    Joined:
    Jan 21, 2014
  20. Superhai macrumors 6502

    Superhai

    Joined:
    Apr 21, 2010
    #20
    It is a tricky one, as is this case. The call is about a possible breach, which if it was real could be important to follow up immediately, if Apple knew that action had to be taken. There are also legitimate reasons to call a customer if there are any other critical issues. Credit card companies routinely call if there are suspicious transactions, airlines call if flights are changed or canceled. The solution is rather to change the underlying infrastructure.
     
  21. cloudyo macrumors member

    Joined:
    Feb 25, 2012
    #21
    Yes, they do. I got a call about a post I made in their Support Forums. I was very suspicious at first but the things they already knew about me (like, the real identity and phone number behind my nickname) made me trust the guy on the other end. At the end he also gave me an apple.com address to send an error report to, so I am sure it was legit.

    My point is: it happens.
     
  22. cppguy macrumors 6502a

    Joined:
    Apr 6, 2009
    Location:
    SF Bay Area, California
    #22
    This is very common, unfortunately. I repeatedly get phishing scam calls from my bank, insurance company. The phone number seems legit, it's always the correct 1-800 number. They are asking for the last 4 digits of the social security number for "verification" purposes. If the real bank is calling, they never ask for such a thing. They don't need to verify your SSN, mother's name, digits of your cards, and so on. They may verify your address, and that's it. I would hang up immediately, and call the official number myself. Never provide any information to incoming callers!!!
     
  23. npmacuser5 macrumors 65816

    npmacuser5

    Joined:
    Apr 10, 2015
    #23
    Amazes me that in today's technology we cannot make a caller ID and/or email work securely. A phone number/email address should be unique in the digital world. Lot of creative minds out there, put them to work.
     
  24. CPx macrumors 6502a

    Joined:
    Sep 6, 2013
    #24
    Unless you deleted it manually, the 1-800-MYAPPLE number used here is already in your contacts. It's in mine, anyway, and I never added it.
     
  25. joenruschia macrumors newbie

    Joined:
    Jun 26, 2009
    #25
    I get an average of four of these calls a day. It's annoying but it's been going on for at least a month now.
     
