Brian Krebs reported today that a woman got an Apple Support scam via an automated phone call. And it looked like a legitimate call from Apple.
[How to Protect Yourself from Phishing Scams, and How to Recover if You Get Hooked]
Apple Support Scam
CEO of Global Cyber Risk LLC Jody Westby got an automated call on her iPhone Thursday. It warned that multiple Apple user IDs had been compromised and said she needed to call a 1-866 number.
Her iPhone displayed legitimate-looking contact information for Apple. It listed Apple’s correct street address, its real customer support number, and real web address (But without the ‘h’ in https). Ms. Wesby went to the Apple support page and requested to have a customer support rep call her back.
She said the Apple employee she spoke with said that the company hadn’t contacted her and that the call was likely a scam. But when she looked at her recent calls list, the scam call was grouped together with legitimate calls from Apple.
Tips
Apple has a support page to report phishing scams to the company. To report phishing emails you can forward the email to [email protected]. If you get a call from someone claiming to be from Apple, you can take steps to contact Apple here.
For text messages you can report phishing to your phone carrier. Most—if not all—carriers, including the big ones like AT&T, Verizon, Sprint, and T-Mobile, let you forward spam text messages to 7726 (SPAM).
[Bent iPads, Phishing Scams – TMO Daily Observations 2018-12-20]
I got 4 calls with an hour from these jokers. The on the last call I gave a sample of my Hindi vocabulary (not very nice, the Russian term would be nekulturnyy). The calls stopped.
Apple will NOT call you EVER! Apple usually won’t email you either. But if you do get an email check out the sender information but don’t click on any links. Go to the Apple Support site yourself and look for the info that was in the email. If you cannot find it yourself. Look up Apple Support phone number and call Apple yourself. Don’t ever use a phone number that is in an email. Don’t get fooled when you are on a website and another website popup comes up saying you are infected call this number. Those are phishing scams to fool you out of your money. Apple will never give you any kind of popup telling you to call them from a random website.
The call itself would not have contained any contact card info. It was a spoofed phone number (Apple’s) and so the iPhone matched that phone number to an existing contact card. Returning the call would have gone through to Apple. The danger was in phoning the other quoted 1-866 number.
So this is just a variant of scam calls that spoof all sorts of phone numbers and is a reminder to never trust any incoming unexpected call.
Just like email wasn’t created with security in mind, neither was phone system caller ID.