Don't Fall for the Newest Apple Chatbot Scam

Cybercriminals are using every method available to them for phishing people's passwords, even if it means resorting to relatively dated technology and methods. A new SMS-based phishing attack is making the rounds once again, with criminals pretending to be an Apple chatbot, informing victims they have won a new iPhone. Of course, the whole setup is a scam.

This latest attempt at scamming people through SMS phishing (or smishing, as it's sometimes called) relies on one of the oldest tricks in the book - promising victims free, desirable items. The full text of the SMS scam, originally reported by Sophos, is as follows:

"Hello, <victim's name> (wave emote)

Congratulations, you received an opportunity to be in the testing group of our newest iPhone 12!

As part of Apple 2020 Testing Program

You've been selected as perfect candidate

Click this link for further information

<malicious phishing link>"

Anyone unfortunate enough to click through the poorly put together scam bait is taken through a series of forms, where they need to answer a few questions concerning name and address. Finally, the victim is expected to make a seemingly insignificant delivery fee payment and claim the brand new, but sadly very fake, iPhone for as little as a couple of dollars. However, the only payment method provided is a fake credit card form that will simply scrape any card information you feed it and deliver it right to the criminals behind the scam.

There are a large number of warning signs that a more cautious user would spot even if they decided to see what the scam is about. First of all, the original message from the fake Apple chat bot is put together poorly, despite its short sentences and few words, and contains multiple errors, mostly missing indefinite articles and unnecessary spaces.

The fake link in the message looks real enough, but sadly tapping on it does not lead to the URL on the screen. You can check any link on your mobile, whether it's suspicious or not, by tapping and holding your finger on it, which will bring up a popup with the actual destination URL, which in this case certainly isn't Apple's legitimate website. This is a good habit to develop for any link you come across and is essentially the equivalent of hovering your mouse cursor over a clickable link on your computer's browser.

Finally, common sense can be of great help when trying to dodge similar scams. Nobody is going to give you a next-generation, expensive piece of technology for two dollars. However, in the process of filling in the scam's credit card form, you are giving the criminals behind it not just two dollars, but access to your card information and that's more than enough to make online payments.

Being constantly aware of what you tap and click through in your email's inbox and your phone's messages has become an absolute necessity. You will discover than you can dodge the vast majority of scams and phishing attempts if you just exercise caution and use your common sense.

September 30, 2020

Leave a Reply