Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers

That's an interesting question. I once got a call from one of Apple's Austin, TX numbers immediately after a call I was on got disconnected due to weather. The person claimed to be a Senior Advisor and knew my case number and the full name of the agent I had just spoken to (I only knew the agent's first name and only learned her last name after she sent me an e-mail about 20 min after the call to me ended). She asked somewhat odd questions and was quite rude, so I told her I would call Apple back.

When I called Apple back, I was told they had no record of her call. Someone from Apple's executive customer relations contacted and did some more digging but was unable to find the person or a record of a call, and claimed the person must have spoofed Apple's number and that it must have been a phishing attempt.

It does make me wonder if some of this is happening from "inside" Apple....

Doomtomb said:
Question is, how does the scammer know the number they are calling is an iPhone?
Click to expand...
 
Ankou_Sabat said:
These fake/spoofed caller ID calls and robo calls would end tomorrow if they would fine the carriers; AT&T, Verizon, Sprint, et all for facilitating the transfer. The day after that gets announced, you'll see how fast those guys fix and end this garbage once and for all.
Click to expand...
And Actually the Carriers are complicit in this problem - they make money by not stopping it. I have received e-mails that would fool many people into thinking they were from Apple, as well as a few calls. As for the e-mails, it becomes pretty obvious if you have a computer and are able to display the real address and find out it is from some foreign country , that you should put it in junk.
 
If they care so much about my privacy, why don't they build in a anti-spam service to block these BS calls. put your money where your mouth is, Apple - prove you care about my privacy.
 
I got a call from Apple earlier today. However it was just an 800 number it didn’t show up on the phone as “Apple”.

It was a recording telling me my Apple account was compromised and that I should press one to speak to an Apple representative. I pressed one, a person going by the name of “Mac” with a heavy Indian accent answered and when I asked him if he worked for Apple. He said yes, I told him didn’t believe him and hung up the phone.
 
MacGod said:
If they care so much about my privacy, why don't they build in a anti-spam service to block these BS calls. put your money where your mouth is, Apple - prove you care about my privacy.
Click to expand...
Maybe they will implement something if this problem persists and more and more users speak out about it. When many people are saying that Telcos are complicit in this as they may actually be profiting by allowing this sort of thing to go on, maybe a different approach is needed. Google has a kind of a lame version of tackling this problem that they have introduced on Pixel 3 but it's now making way to their older phones, hopefully it will eventually make its way outside of the stock Android and onto other handsets like Samsung, LG, OnePlus, etc. But in a nutshell, I think Google has the right idea, it just needs to be expanded on.

To understand a way to stop it, we need to know why these scammers engage in this kind of behavior. The main reason is because making millions of robocalls and spoofing numbers got ridiculously cheap and easy. Furthermore, when the live person behind the scam gets connected to someone on the other end, it is most likely a potential victim. Sure, every now and then they would get someone who will want to screw with them and waste their time, but right now the amount of these is a relative minority. And while scambaiting could be fun, face it, the majority of us working folks have no time to do it. Sure, every now and then when I am not busy with work or life and I get one of these calls from an unknown number, I will pick up and mess around, but most of the other time I will either not answer or if I do answer, I will hang up as soon as I realize that it's a scam.

IMO, the key to stopping this would be to turn the amount of time when scammer actually gets connected to someone from minority to majority. If Apple boasts about how advanced their AI and machine learning has become, why don't they put it to good use by creating some AI bots to talk to these scammers that can actually make them think that they are talking to real human beings when in reality all they will be doing is stringing them along for as long as possible on every call, frustrating the living cr*p out of them. If Apple could come up with AI intelligent enough to pull that off, they can easily add capability to forward an incoming call to a bot either while ringing or in the middle of the call (when one picks up but realizes it's a scam call). Again, I have to emphasize that the AI has to be intelligent enough to pass for a real human being, only then can we managed to waste scammers' time not in isolated incidents, but wholesale, and if it can be done, these scammers will simply give up in frustration.
 
hvfsl said:
I agree, although it isn't just the US that has this problem, but a global one We have exactly the same issue in the UK too. A lot of these calls that show up with a UK number actually originate from outside the UK (e.g. generally India), so I would have thought it would be easy for British Telecom to just block any calls with a UK caller ID, which originate from outside the UK, but I guess it isn't. It probably needs a global solution from all the telcos, which probably isn't going to happen until landlines are got rid of and everyone goes to VOIP.
Click to expand...

VOIP is the biggest part of the problem. Since there is almost no cost to call anywhere in the world with a spoofed caller ID, scammers in countries outside of the legal reach of the victim's country can make thousands of calls per hour. Eventually someone will fall for their scam.
 
lostngone said:
I got a call from Apple earlier today. However it was just an 800 number it didn’t show up on the phone as “Apple”.

It was a recording telling me my Apple account was compromised and that I should press one to speak to an Apple representative. I pressed one, a person going by the name of “Mac” with a heavy Indian accent answered and when I asked him if he worked for Apple. He said yes, I told him didn’t believe him and hung up the phone.
Click to expand...
Haha, they are spoofing Apple Tech Support and the best name they could come up is Mac? You should have told them that you were a PC. Even when I get calls from "Windows Technical Support", none of them introduced themselves as Bill Gates, Steve Ballmer or Satya Nadella.
 
I have some UK contacts who got spoofed calls for their iPhones. They usually get Microsoft Support Center by a twit who couldn't string a three word sentence together.
 
Just set your ringtone to silent. Oh wait Apple doesn't allow that.
Just use the muscle between your ears.
[doublepost=1546662633][/doublepost]
AngerDanger said:
You could really mess with phishers by saying, "I'm kinda busy, so lemme call you back in a little while. I'll just look up the Apple support number online… unless there's some reason I can't just use Apple's official site to contact you."
Click to expand...
Yes I like to mess with them too. Ask them questions or repeat back something completely nonsensical.
Sometimes I answer the phone in other languages like Spanish, Russian, Mandarin, French, Japanese. I know enough to have a short conversation and gets them all confused. I still need to learn some Hindi because a lot of calls come from there.
 
  • Like
Reactions: AngerDanger
Superhai said:
It is worldwide, but I think US is more targeted as there are more people living there and as such the chance of success is higher. There is also a language thing. I lived in India some years ago and it was endemic, but the callers only spoke in hindi, which I don't speak so I di not understand what was said.
Click to expand...

You have lived in India and you say, scam happens there because more people living in US? What am I missing? :)

Anyway, I think it is a nature of people, seems like it is a good business for countries where people trust “sweet” or threatening words over the phone.
I may be wrong and do not argue about it, just a point of view
 
StandingGoose said:
Settings -> Do Not Disturb -> Allow Calls From -> {Everyone, No One, Favorites, All Contacts, ...}
Click to expand...
Doesn't help unless you leave DnD on all the time, which I don't want to because it mutes some things with no option to do otherwise. I've already looked into that for this exact reason.
 
centauratlas said:
Incorporating built-in call spoofing protection and the ability to block unknown callers would go a long way to help.

Getting rid of SS7 as the back end and going end-to-end encrypted and verified will be the long term solution to stopping this. That would have the added benefit of preventing all kinds of espionage and eavesdropping on everyone's phone calls.
Click to expand...

Actually quite the opposite. SS7 is largely immune to ANI (CallerID) spoofing. The problem has emerged with VoIP and soft switches since it put open-source, programmatic ability to override ANI at the fingertips of elementary age kids, something that was nearly impossible before.
[doublepost=1546666291][/doublepost]
riverfreak said:
I’ve never understood why there isn’t a simple whitelist function. I don’t want ANYONE outside of my contacts sending me email or texts, or calling me. Is it too much to ask to block people you don’t know from contacting you?
Click to expand...

You’re missing the glaring fact that the one phone number that comes by default in every iPhone is Apple’s. So unless people delete that, their experience seeing the name Apple on their screen when a call comes from 1800MYAPPLE will be exactly as described in this article.
 
Last edited:
UKinEK said:
You have lived in India and you say, scam happens there because more people living in US? What am I missing? :)
Click to expand...
Maybe I should have rephrased that paragraph, possibly split it in two as well.

Because more people live in the US than many other smaller countries, it is a more tempting target. As well as more people who will speak up, so more attention.

Language is also an issue, as most smaller countries do have their own native language, which the scammer should master to have the chance to complete the scam. Someone with knowledge in English is easier to find, but other language countries would usually require someone living in the same countries and thus not be as willing to scam their own people, or maybe an easier target for law enforcement.

I mentioned India because it is a large country with a high amount of robocalls and spoofed calls, and I have experience with, to show how useless it is to try to scam someone when you cannot communicate with each other.
 
“As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple.”

Frightening that both Krebs and the author could think this. The phone only knows what was sent to it by the carrier, which is identical whether the call originated from Apple vs a fraud. Even the terminating carrier is at the mercy of the data provided to it by the originating carrier.

One way this problem could be addressed is similar to how Domain Keys was invented to authenticate email senders vs forged spam. The originating carrier could sign the headers of the call if it confirms the CallerID is legitimate based on its subscription base using key pair technology. Then the terminating carrier could dip DNS for the public key to determine if the caller is authentic and add a header to that effect which the recipient’s phone could use to determine whether the caller is trustworthy.

None of this, however, is anything Apple could accomplish. It requires a fundamental architecture change in the PSTN.
 
Last edited:
Doomtomb said:
Question is, how does the scammer know the number they are calling is an iPhone?
Click to expand...

The same way Windows Tech Support scammers know you have a Windows PC. They don't. Doesn't matter, though, because a healthy percentage of people, even dialing randomly, have iPhones or PCs or Macs or whatever the scammers are claiming has an issue. It's not even worth the effort for them to try to weed out the non-iPhone-owners before calling.
 
goonie4life9 said:
That's an interesting question. I once got a call from one of Apple's Austin, TX numbers immediately after a call I was on got disconnected due to weather. The person claimed to be a Senior Advisor and knew my case number and the full name of the agent I had just spoken to (I only knew the agent's first name and only learned her last name after she sent me an e-mail about 20 min after the call to me ended). She asked somewhat odd questions and was quite rude, so I told her I would call Apple back.

When I called Apple back, I was told they had no record of her call. Someone from Apple's executive customer relations contacted and did some more digging but was unable to find the person or a record of a call, and claimed the person must have spoofed Apple's number and that it must have been a phishing attempt.

It does make me wonder if some of this is happening from "inside" Apple....
Click to expand...

Shocking. That sounds like an inside job if really the first person you spoke to was genuine.
 
oldmanwinter said:
Call spoofing needs to be stopped. The cons far outweigh the pros. Do something Congress, FCC, Apple, someone!
[doublepost=1546637949][/doublepost]
They don't care. They can make calls in the millions. They're bound to hit a good percentage of iPhones.
Click to expand...

Dunno - the email phishing I get is targeted to iTunes . I’ve not gotten a google play store one. Getting access to iPhone users, is not just via apple, if you work for a telco and have access to the Database , done .
 
ravenstar said:
Why is it surprising that a phone can't tell the difference between caller id information that's fake and caller id information that's legitimate? It's indeed troubling that caller ID spoofing is so common, but this is common to all phones the display caller ID information and is something the carriers need to resolve.
Click to expand...
Exactly my thought... "As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple." is complete BS... There's no security layer on phonecalls whatsoever.

itsmilo said:
Is the whole scam calling stuff an US thing? I don’t think I ever had a call I did not know who it was on my phone. Two days in Miami with a local prepaid sim and I got random calls from Cuba DAILY
Click to expand...
As far as I can tell, yes... never had that problem in Europe... except Skype scammers...

kazmac said:
Yes, I got one of those your “iCloud account has been breached” calls last Sunday. Hung up on it. I do not use iCloud.
Click to expand...
When you have the time don't hang up... play their game and beat them on it. It will at least waste their ressources...
 
kazmac said:
Yes, I got one of those your “iCloud account has been breached” calls last Sunday. Hung up on it. I do not use iCloud.

I immediately reported that call to Apple.

They try every so often, but I know the only way I get a call from Apple support is if I call in first with an issue.
Click to expand...
Got the same call last week. Did the same. They seemed to think I was the one who was mistaken about the call origin. But I double checked, and the Caller ID says it was Apple calling me. Only reason I wasn’t fooled was because it seemed suspicious from a customer care best practices perspective, and especially from an Apple Care perspective.
 
  • Like
Reactions: kazmac
The scammer in the illustration using a surface is really a pathetic dig at Microsoft.
 
[AUT] Thomas said:
Exactly my thought... "As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple." is complete BS... There's no security layer on phonecalls whatsoever.

As far as I can tell, yes... never had that problem in Europe... except Skype scammers...

When you have the time don't hang up... play their game and beat them on it. It will at least waste their ressources...
Click to expand...
Naaah. Done playing that game - now I just report to Apple or the FTC. I have much more important things to do with my time than bait an ****** trying to get my Apple ID info.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back