A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.
Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Westby said earlier today she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.
Here’s what her iPhone displayed about the identity of the caller when they first tried her number at 4:34 p.m. on Jan. 2, 2019:
Note in the above screen shot that it lists Apple’s actual street address, their real customer support number, and the real Apple.com domain (albeit without the “s” at the end of “http://”). The same caller ID information showed up when she answered the scammers’ call this morning.
Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.
Westby said the Apple agent told her that Apple had not contacted her, that the call was almost certainly a scam, and that Apple would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple:
The call listed at 11:51 a.m. was the result of Westby accidentally returning the call from the scammers, which she immediately disconnected.
“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”
KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.
Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.
No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.
As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever, phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, for example, call the number on the back of your card. If it’s another company you do business with, go to the company’s Web site and look up their main customer support number.
Relying on anything other than a number obtained directly from the company in question — such as a number obtained from a direct search on Google or another search engine — is also extremely risky. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.
These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contacts list. But as this scam shows, even that’s not always a great strategy.
It’s a good idea to advise your friends and loved ones to ignore calls unless they appear to come from a friend or family member, and most importantly to just hang up the moment the caller starts asking for personal information.
Apple has not yet responded to requests for comment.
I’m surprised anyone even uses the phone these days. Between non-stop scam calls and quasi-fraudulent debt calls thanks to our anti-consumer credit and legal system it is almost better to not even have one. For people my age its the system of last resort and I’ve gone 6 months at a time without making a single call if any other contact method is available. Just like the US Postal Service, telephone is on the way out.
this is insane my doods
There are some technical solutions to scammers, but the biggest problem is insufficient incentive for telecom to implement. For instance, charging inbound callers for each call, and letting the recipient manage charge price and forgiveness for friends and such. Or perhaps an SPF (email) mechanism for caller ID where users can define drop/warn. Phone companies won’t make money fixing this and there is no legislation where they would loose money… so it doesn’t happen.
IMHO scammers need a crowbar to the knuckles… but you still have to take into account that some of the scammers you are yelling at are in a call house sweat shop where there is no other job opportunities. That doesn’t make it right, but when you are trying to feed your family…
Someone tell this Jody chick she’s clueless and she needs to look in her contacts and see that she has a listing in there for the Apple Inc listing that’s showing up, all with all the info that’s in that screenshot. That’s the only reason the spoofed original spam call even shows up like that on her callerID, which on ANY cell phone is based strictly on LOCAL CONTACT INFO STORED ON THE PHONE. Amazing how many of you so called “security experts” are writing about this article and issue and are completely clueless as to that one small detail that is actually quite important. If anything, this is a carrier issue which should be resolved because the original callerID is what was spoofed, and THAT is the real problem with spam calls today… the carriers not having stringent enough rules on their provisioned lines and who has permission to send a callerID which doesn’t actually belong to them. Clearly you guys need to educate yourselves more before you write about this stuff!
I have Apple in my contacts and I certainly never added them. At some point, iPhones must have (assuming they don’t currently) shipped with Apple in the contacts list and it eventually got merged with my contacts.
That means a lot of people are potentially affected, and no, it’s not due to “stupid user added apple to their contacts and suddenly the phone is matching that to the incoming call”.
The point is this. Krebs is reporting on a supposed security article and hasn’t made it a point to clear up any tenchnical confusion which was placed there from the clueless security company CEO that first published this story. Additionally, I have no Apple entries under my contacts outside of the ones I’ve put in myself, so perhaps more people should look at the contacts lists in their phones when buying a new one so as not to merge their own contacts with whatever’s there if you’re not restoring a backup to your new phone as part of the migration from old to new, because clearly that would clear existing contents on the phone. But even so and with all of that said, for someone who deems herself the CEO of a cyber security firm to be so misinformed as to not know how this scam came about and how the technology she uses every day works and why her call log looks like it does is just beyond words. That’s the real big picture here. The fact that she thought her outbound canceled call was calling the scammers back shows just how stupid she really is, so yeah… it is a “stupid user” issue in this case. If this was a general user, it wouldn’t care as much, but I’m tired of people who should know what their doing because of their positions in their workplace be clearly and absolutely CLUELESS!
Checked my iOS “Contacts” and found that I had no fewer than five Apple corporate entries, two under the old “Apple Computer, Inc.” name and three as “Apple, Inc.” All are out of date, as (1), as noted above, the current URL uses https by default (though it will correct old http ones) and (2) Apple’s Corporate address is now One Apple Park Way (you know, the spaceship).
Clearly, these are either artifacts from older versions of one or another Apple OS, or legitimate calls I got from Apple, since as far as I know, no one spoofing an Apple Caller ID has ever contacted me — I’ve only gotten calls from their support after asking for a callback online.
But yes, this is indeed something the FCC needs to act on, but never will user this administration and its carrier-overfriendly FCC chair.
No, YOU’RE WRONG, Jody is not. You need to look up the fax before you spew your negativity and false information on topics you know nothing about !
One thing to note on the second screen shot with the cancelled call. In this case she called 1 800 My Apple as noted by the “recent” designation. Tapping a recent call record can only call a number already in the contact record. Since the incoming number was clearly a spoofed caller id (thus the request to call a different number) there is no breach of her phone, unless you manually add the fake call back number to the contact record.
Speaking of Scamming Apple… I have been getting Emails from Indonesia claiming to be Apple Support.
They are asking me to verify purchases I made in Indonesia. I have taken Screen shots of the Email and sent to Apple Security. No Response from them.
Forward the emails to firstname.lastname@example.org. You won’t get a response, but the emails are added to the database for tracking.
A relative was hit by this scam and the caller tried to “confirm” iCloud account info and induce her to buy a $500 Google Play gift card. She would be “reimbursed by Apple.”
FWIW, re contact car, Apple Inc. is now headquartered in Apple Park, 1 Apple Way, Cupertino, CA.
I’ve received many spam/phishing calls spoofing more than 10 different Apple Store local phone numbers over the past year. I rely on TrapCall to sort them all out.
This scam is real. I fell for it. For a lot of Google Play Card $$. It was the legit Apple support phone #. Scammers used only this number with me and the automated line kept calling even when I had already answered. I called the # back when I had a chance while the Indian support tech was not on the telephone with me and got I believe the real Apple. I was still skeptical. The scam tech sent me to Apple.com and click on support. Same screen as real Apple–he had access to my computer briefly but was focused on convincing me I had been hacked and needed to reduce my badlimit or something like that to zero. Gave me a Case ID immediately–too bad I didn’t check it out until next day–fake. Sent me fake confirmation of reimbursement for Google Play expenditures via text from my credit card bank. He got very defensive about my critical nature, but did enough right to make me keep with him until he tapped me out of funds. Beware. Apple didn’t seem to care too much that they were the front for this scam. Normally I never answer a call I don’t recognize, but for whatever reason fate took a hand.
Happy 2019. Incident happened on January 2.
Computer hacked from Comcast caller id : 1-844-576-0854 posing as Michael Ross Sr.Technician! Phone answers Comcast technical support. Filed IDENTITY THEFT police report for hacker charging $$$$ gift cards as me at Walmart,Target,Nordstroms,Best Buy ;also infected computer with porn. Claimed Comcast was liable and $500 Sonicwall Anti-hacking tool kit would be installed by Rebecca Denver :Employee ID AD8105392750 then reimbursed by Comcast XFINITY.
Computer hacked from Comcast caller id : 1-844-576-0854 posing as Michael Ross Sr.Technician! Phone answers Comcast technical support. Filed IDENTITY THEFT police report for hacker charging $$$$ gift cards as me at Walmart,Target,Nordstroms,Best Buy ;also infected computer with porn. Claimed Comcast was liable and $500 Sonicwall Anti-hacking tool kit would be installed by Rebecca Denver :Employee ID AD8105392750 then reimbursed by Comcast XFINITY
I renamed the two apple contacts in my iPhone to
Fake-Apple Computer Inc.
Now I need to do the same rename for my kids, wife, parents, etcetera.
Think about it folks.
Why would Apple want a Google play card?
Why would Microsoft want a Google play card?
Apple and Google and Microsoft are all competitors. Absolutely no reason for these companies to ever ask for ANY type of gift cards.
If they call you directly without you requesting it, and you are scammed, its your fault. Wake up 🙂
I dont own any apple products and get this call four times a day. SMH.
This has also occurred through Verizon as I have been getting the same calls looking to get me a lower credit card and repeatedly call al six family member phones in the order they are registered with Verizon. These calls are also back to back without a delay and when you ask for a call back number they say you can’t call back but they can and you get disconnected. When calling the numbers they are not in service or are other Verizon customers numbers. Very ingenious scam
Just got a fake call from “Apple Support”. Scammers spoofed the phone number for the local Apple store in my area. Looks like they are getting more and more sophisticated. SHAKEN/STIR can’t come soon enough!
Funny thing I got a call regarding Apple not having Apple device. Scammers can’t imagine people can not use Apple.
THE APPLE SCAMMERS WITH INDIAN ACCENTS KEEP CALLING MY HOUSE & SAYING OUR APPLE ACCOUNT WAS HACKED THE PHONE # IS 904-380-3080 .. WHEN I CALL IT SAYS APPLE SAINT JOHNS APPLE STORE… BEWARE SCAMMERS FOR SURE
John, you should not have called that number. You played right into their plot.
Think next time. That’s what this site is warning of. DON’T DO IT.
You’re right that it’s a bad idea to call back an unfamiliar number without verifying first it but in this case, that IS the phone number of the Apple store at the St. Johns Town Center in Jacksonville, Florida. It must have been the spoofed phone number that Caller ID displayed, not the callback number that the scammers included in the message they left in John’s voicemail or on his answering machine.
Indian Telugu guys are mostly the masterminds for these scams. These scammers come to US to make frauds. They either do Masters fraud like getting into some fake universities and work illegally or to have pocket money they scam genuine people with fake accent. When I was talking to them, I realized I was being scammed when I heard some other guys talking in Telugu and Hindi. I am also scammed by these filthy people and I want the cyber security experts or apple to genuinely look into this and get to the root cause.
Apple being a Trillion dolor company does not support its customers who have been scammed instead they raise their hands and say they cannot do anything .
I genuinely wish this goons and scammers are kicked out of US.