Beware of A New Apple Tech Support Scam

New Apple Tech Support Scam

You can always get a good laugh out of scammers who are trying and failing spectacularly to trick cybersecurity specialists. Unfortunately, when you stop and think about how many other, less savvy users fall for the crooks' tricks, things suddenly become rather more serious, especially when you see how clever some of the schemes have become.

The scam we're about to discuss today involves iPhone users and was first reported by cybersecurity journalist Brian Krebs. At the beginning of the year, Krebs was contacted by Jody Westby, the CEO of security consulting company Global Cyber Risk LLC who told him about a strange call she had received.

Despite what an unexpected automated call says, Apple hasn't suffered a data breach

On January 3, Ms. Westby's iPhone rang, and when she picked up, a machine told her that Apple had been hit by a cyberattack. The recorded message said that multiple servers containing Apple IDs as well as other information had been compromised. She was told that before she does anything else with her phone, she should call a 1-866 number where she will receive further instructions.

Being a security professional, Ms. Westby knew that Apple hadn't suffered a data breach, and she knew that even if it had, it would have chosen a different way of informing the public about it. Unfortunately, many other users wouldn't be this aware of what's going on. Especially in light of a clever trick the scammers tried to pull.

Despite what your iPhone says, that automated call is not coming from Apple

Similar scams are a daily occurrence nowadays, but this one stands out because although she knew that the whole thing was fake, when she looked at her iPhone to see who she had spoken to, Ms. Westby saw "Apple Inc." All the contact details, (the home page, the physical address, and the phone number) were correct.

Curious, Ms. Westby went to Apple's support page and opened a case, asking for a support agent to call her. An Apple representative did get in touch, and her iPhone told her that the legitimate call is coming from the same contact as the scam call.

Apparently, the scammers spoofed Apple's number and fooled the iPhone into thinking that they are real representatives. It's still not clear how they did it or what they were after. Brian Krebs tried to get in touch with them on the 1-866 number, but the scammer (who had an Indian accent according to Krebs) apparently realized that he's not talking to a typical victim and hanged up.

Scammers are upping their game

The difficult part of pulling off a scam is earning the victim's trust. Once the crooks get over this, their options are practically limitless. They can tell you that something's not right with your devices and ask for money to "fix" the problems, they can trick you into installing malware, and they can even gather information about you which they can later use for a variety of different purposes.

If the scheme is as convincing as the one described above, the crooks can even be as audacious as asking for your usernames and passwords. If they think that they're talking to vendor representatives, less experienced and informed users will willingly give out their login credentials which, especially in the case of Apple accounts, could expose tons of extremely sensitive data.

The really disappointing thing about the whole situation is that there is no step-by-step guide that will help you protect yourself. You just need to be extremely wary of the dangers and should treat every unexpected call with a sizable amount of proverbial salt. Unfortunately, as you can see, the phone number on your screen is not a reliable indicator. Questions about your personal information and claims that something's not right with your computer or phone, however, should immediately raise your eyebrows. If there's anything you're not sure about, hang up, and if you need to talk to the company, make sure you initiate the contact. Sometimes, this isn't the easiest thing in the world, but considering the fact that your personal data is at stake, we reckon that the effort is well worth it.

January 10, 2019

Leave a Reply