A new phishing scam that is reportedly targeting iPhone owners may trick some users, as the call looks like it is really coming from Apple Support.
Phishing is becoming more sophisticated, with one of the latest attacks tricking users into believing that fraudulent websites are legitimate by placing the green padlock symbol in the URL bar. The new scam is the latest example of how phishing is becoming even better, so users should always be vigilant.
The new phishing scam was reported by security researcher Brian Krebs, who said that Jody Westby, the CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone. The call said that multiple servers containing Apple IDs were compromised, and that she needed to call a 1-866 number immediately.
The request to call another, unofficial number raises a red flag that it is a phishing scam. However, the dangerous part is that the automated call displays Apple’s logo, the company’s address, and its real phone number. In addition, when Westby requested a call from an Apple Support representative, the fake call was indexed in the Recents list of her iPhone with the official number. The iPhone was not able to differentiate between the fake call and the legitimate one.
The support agent confirmed that Apple did not contact Westby, and that the call was almost certainly a scam. When Krebs called the 1-866 number that the fake call requested Westby to contact, he was greeted by an automated system, followed by a man with an Indian accent. Krebs played along and said that he was contacted by Apple regarding a security breach, but after being put on hold, the call was disconnected.
The dropped call was unexplained, but Krebs said that this is most likely another scheme that will try to extract personal and financial information, or some kind of payment, from unsuspecting users. Krebs also found it remarkable that the iPhone and AT&T, Westby’s carrier, were unable to differentiate between the fake call and the real Apple Support call.
The best way to fight back against phishing scams is to remember to never disclose personal and financial information to an unknown or unexpected caller. The attacks may continue to become more sophisticated, so users should always stay on their toes.