Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Maybe I should have rephrased that paragraph, possibly split it in two as well.

Because more people live in the US than many other smaller countries, it is a more tempting target. As well as more people who will speak up, so more attention.

Language is also an issue, as most smaller countries do have their own native language, which the scammer should master to have the chance to complete the scam. Someone with knowledge in English is easier to find, but other language countries would usually require someone living in the same countries and thus not be as willing to scam their own people, or maybe an easier target for law enforcement.

I mentioned India because it is a large country with a high amount of robocalls and spoofed calls, and I have experience with, to show how useless it is to try to scam someone when you cannot communicate with each other.

I also think that because almost anyone can speak English nowadays, it also became easier to scam internationally :)
 
I’ve never understood why there isn’t a simple whitelist function. I don’t want ANYONE outside of my contacts sending me email or texts, or calling me. Is it too much to ask to block people you don’t know from contacting you?

Apple puts their contact info in your contacts. I'm guessing there will be an update to remove it?
 
I got a call from the spoof this morning. The phone app did it's thing with Facebook and linked three names to it - one of which is "Apple ID." The other two appear to be legit names but one account hasn't posted anything since 2011 so I'm assuming the actual phone number isn't hers anymore.

Also, shouldn't the address be 1 Apple Park now? I know that info doesn't get delivered by CallerID but shouldn't the phone know that?

DAMN YOUR EYES, TIM COOK!!!

Screen Shot 2019-01-05 at 11.55.15 AM.png
[doublepost=1546714993][/doublepost]
Haha, they are spoofing Apple Tech Support and the best name they could come up is Mac? You should have told them that you were a PC. Even when I get calls from "Windows Technical Support", none of them introduced themselves as Bill Gates, Steve Ballmer or Satya Nadella.
Ha! Can you imagine Satya Nadella at his desk and getting a message on Skype (ugh I hate Skype so much) "Hey it's really busy so we put you in the queue. Just do the best you can! Message Steve or Bill if you need any help."
 
This is an ongoing problem with no end in sight. The only thing one can do is ignore the call and if it is legitimate incoming call, most likely a message will be left on voicemail. If the voicemail is not legitimate, just delete.
 
This is an ongoing problem with no end in sight. The only thing one can do is ignore the call and if it is legitimate incoming call, most likely a message will be left on voicemail. If the voicemail is not legitimate, just delete.
It's just an unfortunate vector for nefarious activities and I've spoken to nice old ladies in their 70's that don't fall for it and men in their 30's that fall for it hook, line and sinker. They just need one half of one percent of the people they hit to go for it to make enough money that it was worth the effort.
 
It's just an unfortunate vector for nefarious activities and I've spoken to nice old ladies in their 70's that don't fall for it and men in their 30's that fall for it hook, line and sinker. They just need one half of one percent of the people they hit to go for it to make enough money that it was worth the effort.
It is unfortunate that it happens to many regardless of age but you're right that criminals and telemarketers think it is worthwhile for the effort.
 
You can easily spoof ANY number. This used to be difficult to do prior to voip as your physical line had to be authorised to send specific caller ID numbers, e.g. if you owned an 0800 number and wanted to display it. With voip it became simple to send ant caller ID you wanted.

In the UK one of the common tricks is to call up a user on their landline from a number matching their banks. You inform the user that their account has been compromised then ask them to call the bank back to discuss it further. The user hangs up but the scam caller doesn’t, they play a dial tone audio then the unsuspecting user picks up the line, they hear the dial tone and dial the banks number. At this point the scammer ‘answers’ then proceeds to extract the users banking info/security and empties their account.

These attacks make use of stolen user data from the likes of Talk Talk where contact info and bank details were stolen, so they know who you bank with, your address and your phone number.

Both the author of the article and the a source are out for clicks here. It is a known fact that millions of phishing calls take place daily and spoof many companies numbers. As a security researcher Krebs has to be aware of this so his ignorance as to how this works and how an iPhone can not identify that it is a phishing call is only to point the finger at Apple to obtain clicks.
 
Last edited:



Phishing scams attempting to get info out of Apple users are nothing new, but scammers are growing more clever and scams are getting harder to distinguish from actual Apple communication.

On his Krebs on Security site, security researcher Brian Krebs today outlined one of the latest phishing scams he's seen, where an incoming phone call appears to be from a legitimate Apple support line.

As described by Krebs, Jody Westby, CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone warning her that services containing Apple user IDs had been compromised.

The message asked her to call a 1-866 number, and in the Phone app, the call looked like a call from Apple, with the number listed as 1(800)MYAPPLE, the name listed as Apple Inc., and with Apple's Infinite Loop website.

Westby contacted Apple support via the official Apple Support page and asked for an employee to contact her. She was assured that the call was not legitimate, but when looking in her recent calls list, she saw that real support call had been lumped in with the fake call.

applephishingscam-800x707.jpg

Original scam call info on the left, with scam call info lumped in with actual Apple support call on right.
The scammers spoofed Apple's phone number and the iPhone was unable to distinguish between the real and fake calls, making it look like Westby had, in fact, been contacted by Apple multiple times, when that was not the case. Westby told Krebs that this is a convincing scam that people may fall for.Krebs went ahead and called the number that the scammers had asked Westby to call, where an automated system claimed he had reached Apple Support. A minute later, a person came on the line and asked about the reason for the call. Krebs responded that he was told to call about a breach at Apple, was placed on hold, and the call disconnected with no resolution.

A similar report hit Twitter this morning from Fantastical developer Michael Simmons, who says he received a scam phone call that also spoofed Apple's number.


Krebs believes scammers are aiming to obtain personal and financial details from Apple users to get payment, perhaps for tech support services. As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple.

With these kind of phone-based scams, it's a good idea to disconnect the call and get in touch with Apple via the actual support site to avoid being fooled. Apple support does not cold call users in this manner, so these calls are almost always fake, but scammers are skilled social engineers and people do fall for these scams.

Apple has a dedicated support page with information on how to avoid fake support calls, phishing emails, and other scam techniques that malicious individuals employ to extract information from Apple users.

Article Link: Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers

Stick that on a billboard.
 



Phishing scams attempting to get info out of Apple users are nothing new, but scammers are growing more clever and scams are getting harder to distinguish from actual Apple communication.

On his Krebs on Security site, security researcher Brian Krebs today outlined one of the latest phishing scams he's seen, where an incoming phone call appears to be from a legitimate Apple support line.

As described by Krebs, Jody Westby, CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone warning her that services containing Apple user IDs had been compromised.

The message asked her to call a 1-866 number, and in the Phone app, the call looked like a call from Apple, with the number listed as 1(800)MYAPPLE, the name listed as Apple Inc., and with Apple's Infinite Loop website.

Westby contacted Apple support via the official Apple Support page and asked for an employee to contact her. She was assured that the call was not legitimate, but when looking in her recent calls list, she saw that real support call had been lumped in with the fake call.

applephishingscam-800x707.jpg

Original scam call info on the left, with scam call info lumped in with actual Apple support call on right.
The scammers spoofed Apple's phone number and the iPhone was unable to distinguish between the real and fake calls, making it look like Westby had, in fact, been contacted by Apple multiple times, when that was not the case. Westby told Krebs that this is a convincing scam that people may fall for.Krebs went ahead and called the number that the scammers had asked Westby to call, where an automated system claimed he had reached Apple Support. A minute later, a person came on the line and asked about the reason for the call. Krebs responded that he was told to call about a breach at Apple, was placed on hold, and the call disconnected with no resolution.

A similar report hit Twitter this morning from Fantastical developer Michael Simmons, who says he received a scam phone call that also spoofed Apple's number.


Krebs believes scammers are aiming to obtain personal and financial details from Apple users to get payment, perhaps for tech support services. As he rightly points out, it is both shocking and concerning that Apple devices are unable to tell the difference between a legitimate call from Apple and someone attempting to spoof Apple.

With these kind of phone-based scams, it's a good idea to disconnect the call and get in touch with Apple via the actual support site to avoid being fooled. Apple support does not cold call users in this manner, so these calls are almost always fake, but scammers are skilled social engineers and people do fall for these scams.

Apple has a dedicated support page with information on how to avoid fake support calls, phishing emails, and other scam techniques that malicious individuals employ to extract information from Apple users.

Article Link: Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers
APPLE DOES NOT CALL CUSTOMERS UNLESS THE CUSTOMER HAS CALLED APPLE FIRST FOR AN ISSUE. PERIOD!
 
I have an IT business. I have been seeing this with my home clients, getting worse over the last few months.

And what I have found is that these scammer jerks, about 2/3s of the time, end up running the con so that they get access to the user's Amazon account, and then buy iTunes or Best Buy gift cards with e-delivery, then kill the notification emails, hide the transaction and the GC numbers are sold/used in just minutes. While they take over the screen, at one point with a lot to technical gobbledygook, they distract the user by having them get their phone and make nonsensical settings on it... ultimately not making any changes, but diverting the attention all while they are running up the Amazon tab. Most people wouldn't notice the transaction at all. I have seen a couple of cases where the amounts charged at the $129 and the rep explained that "we renewed your Amazon Prime membership" for even more reason to ignore the charge.

I have sent many, many email notice to my clients warning them. But I suspect the bad guys here are using democratic lists and are targeting the 70-plus people after 5 PM when they are most mentally vulnerable. I have yet to witness a call firsthand, but I have cleaned up about 20 of these scams. Noting what clients have said, the calls do not seem to be random calls, that the bad guys already have certain bits of information on the users. I suspect they are using legit eMarketing lists in come cases, and in others they get the user to divulge information as part of their con.
 
My favorite thing to do is call the scammers over and over and over and over and over and over and over and over and over and over and over and.... you get it. Called an IRS scammer 97 times.... had nothing better to do at the time so figured why not? I typically tell them I'm going to kill them and their entire family... they typically in their broken english say something about 911 or some other silly thing....
 
My favorite thing to do is call the scammers over and over and over and over and over and over and over and over and over and over and over and.... you get it. Called an IRS scammer 97 times.... had nothing better to do at the time so figured why not? I typically tell them I'm going to kill them and their entire family... they typically in their broken english say something about 911 or some other silly thing....

You do realize that the caller's number is spoofed? Calling it back won't take you to the scammer, but to the person who owns the number they spoofed. That could be your neighbor. Or some FBI agent. Anyone.
 
Clever, but i think the map is a give-away, unless the street is in different language... I compared this on Google Maps.

*edit: scratch that.. was zoomed out*

My favorite thing to do is call the scammers over and over and over and over and over and over and over and over and over and over and over and.... you get it. Called an IRS scammer 97 times.... had nothing better to do at the time so figured why not? I typically tell them I'm going to kill them and their entire family... they typically in their broken english say something about 911 or some other silly thing....

Lucky 1800 numbers are free calls then..
 
Robo or spoof calls are a huge issue here in the U.S., and it's not getting any better IMO. Can't tell you the number of calls I receive from the "IRS" telling me (in a very distinct Indian accent) that the cops are on their way to my house for defaulting on my tax payments. The funny thing is, when I play along, they tell me that they need to be paid in Apple gift cards...lol

From what I've read, it's up to the tone deaf carriers to help combat this problem. We'll see if the FCC makes good on their promise this year. (I'm sure Verizon and AT&T will figure out a way to spin this into a rate hike some how):

https://www.theverge.com/2018/11/5/...e-action-against-carriers-call-authentication

https://www.usatoday.com/story/news...munications-caller-id-shaken-stir/1682591002/
 
Call spoofing needs to be stopped. The cons far outweigh the pros. Do something Congress, FCC, Apple, someone!

It would probably cost billions of dollars to solve. Number spoofing in SS7 is an intentional feature and it is used for all sorts of call routing features in corporate PBX systems.

Probably best to let old fashioned circuit switched phones gradually phase out in favor of IP based.
 
You do realize that the caller's number is spoofed? Calling it back won't take you to the scammer, but to the person who owns the number they spoofed. That could be your neighbor. Or some FBI agent. Anyone.
Funny.... that's why every time I call it the same person answers.... tells me it's the IRS with the broken Indian accent..... Guess that person is it on it to eh?
 
Maybe they will implement something if this problem persists and more and more users speak out about it. When many people are saying that Telcos are complicit in this as they may actually be profiting by allowing this sort of thing to go on, maybe a different approach is needed. Google has a kind of a lame version of tackling this problem that they have introduced on Pixel 3 but it's now making way to their older phones, hopefully it will eventually make its way outside of the stock Android and onto other handsets like Samsung, LG, OnePlus, etc. But in a nutshell, I think Google has the right idea, it just needs to be expanded on.

To understand a way to stop it, we need to know why these scammers engage in this kind of behavior. The main reason is because making millions of robocalls and spoofing numbers got ridiculously cheap and easy. Furthermore, when the live person behind the scam gets connected to someone on the other end, it is most likely a potential victim. Sure, every now and then they would get someone who will want to screw with them and waste their time, but right now the amount of these is a relative minority. And while scambaiting could be fun, face it, the majority of us working folks have no time to do it. Sure, every now and then when I am not busy with work or life and I get one of these calls from an unknown number, I will pick up and mess around, but most of the other time I will either not answer or if I do answer, I will hang up as soon as I realize that it's a scam.

IMO, the key to stopping this would be to turn the amount of time when scammer actually gets connected to someone from minority to majority. If Apple boasts about how advanced their AI and machine learning has become, why don't they put it to good use by creating some AI bots to talk to these scammers that can actually make them think that they are talking to real human beings when in reality all they will be doing is stringing them along for as long as possible on every call, frustrating the living cr*p out of them. If Apple could come up with AI intelligent enough to pull that off, they can easily add capability to forward an incoming call to a bot either while ringing or in the middle of the call (when one picks up but realizes it's a scam call). Again, I have to emphasize that the AI has to be intelligent enough to pass for a real human being, only then can we managed to waste scammers' time not in isolated incidents, but wholesale, and if it can be done, these scammers will simply give up in frustration.

Already exists

https://jollyrogertelephone.com/
 
I haven’t gotten a call like that (yet) but I still get a few phishing emails from time to time. I just got a phishing email this evening saying that I just bought a series 2 watch from the online Apple store and that my address was in Israel. $84 bucks, what a steal! I laughed at the badly worded email, reported it and trashed it.
 
Last edited:
I was getting a lot of these calls last year. I set up a virtual machine in Parallels that was isolated from my Mac. So I let them lead me to Hades. On two occasions I was able to get their account numbers and turned them over to the support site so they could be locked out. When I told the scammers one of them threatened physical violence. Such joy.
 
Apparently they are active again. I have received more than 10 calls within the past two days claiming to be Apple Support wanting to address an "intrusion" into my iCloud account.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.