Phishing is the fraudulent practice of sending emails or placing phone calls pretending to be a reputable company in order to trick individuals into revealing personal information such as passwords or credit card numbers. Phishing attacks are becoming more popular and increasingly sophisticated. In one more recent example, scammers obtain the green padlock symbol in the URL bar for a fraudulent website to trick users into believing they are using the real thing. Users read the green padlock as a sign that the website is safe and secure, although it only shows that the connection to the site is encrypted, not that the site is run by who it claims to be.

A new threat appears to be targeting iPhone users specifically. This phishing scam emulates Apple Support. The call notifies the potential victim that multiple servers containing Apple ID information were compromised and that they need to call a 1-866 number immediately. 

What makes this threat different?

The concerning part about this scam is that the fake number is registered as Apple. Therefore, it displays the Apple logo and the company's address along with the real phone number. The fake call was also indexed with the legitimate calls to Apple, meaning the iPhone could not tell the difference between the real and fake call.

The first report of this scam was from Jody Westby, CEO of a security consulting firm. She posted a screenshot of the call log showing the fake call occurred at 11:44 AM. Westby asked Apple Support to have a representative call her, and the representative confirmed that Apple did not make the call.

What happens if you call?

A security researcher, Brian Krebs, called the number to see what would happen if someone called the fake number back. Krebs posted the following:

An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.

Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.

No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

A link to the full article can be found here. It is crucial to never disclose personal and financial information to an unknown entity. These phishing scams are becoming more sophisticated, so users should always be attentive. If you are concerned about your Apple ID and password, you can reset your password for peace of mind. Click here for a link to the Apple Support page dealing with resetting a password.