A particularly clever phone scam is gaining momentum in the United States. Hackers pretend to be Apple support to steal data.
A new phone scam is spreading in the United States: the fake call from Apple support. It was reported by analyst and journalist Brian Krebs, who publishes the site KrebsOnSecurity. It is a fairly sophisticated scam, able to trap even rather shrewd users who usually don't fall for phone phishing. But how does the Apple Support scam work?
It all starts with an automated call made to an Apple user's number. The smartphone display shows the Apple logo and the words Apple Inc., along with the company's physical address. When the user answers the phone, a recorded voice warns them of an alleged personal data breach on Apple's servers and tells them to call 1-866-277-7794 for support. The scammers' skill lies in the fact that the fake call then shows up in the "Recent Calls" list as a call received from Apple's official customer support.
How does the fake Apple support call scam work?
This makes it very difficult to tell that this is a scam: the number the call came from is known among electronic security people as one normally used for scams, but the average user cannot know this except by logging on to Apple's website and making a phone support request. When the user receives the call from Apple's real customer service, they can ask whether the previous call was real or not.
KrebsOnSecurity pretended to be the average user and called the number from which the scam originated. An auto-responder welcomed the customer to Apple's phone support and invited him to wait about a minute and a half. All fake, but how can one tell? After about a minute, a man with an Indian accent answered and asked the reason for the call. Continuing to pretend to be a user who had taken the bait, Krebs said he had been alerted to a breach and was asked to call the number in question. Shortly thereafter, the line went dead.
What the fake Apple customer service scam is for
According to Brian Krebs, scammers use this system to filter and verify the lists of personal data they have managed to get their hands on illegally. Out of a whole list of supposed Apple users' phone numbers, some will actually be working, some will not, and some will not really belong to Apple users. However, if the user receives the call and dials the requested number, then their personal information is correct: it is a working phone number and they are truly an Apple user. This way, in the future, scammers can make better use of that user's personal information in other scams.