Beware: Scammers Are Now Spoofing Actual Apple Support Numbers

Scam Call Appears To Come From Apple Credit: Jody Westby / Global Cyber Risk
Text Size
- +

Toggle Dark Mode

Phishing scammers targeting Apple users are getting much more sophisticated and clever in their techniques, according to a new report.

Support call scams aren’t new, but there is now a new generation of such scams that are much harder to discern. Security researcher and journalist Brian Krebs on Friday detailed a new phishing scam that appears like it’s coming from Apple.

Jody Westby, CEO of security firm Global Cyber Risk, reportedly received a call earlier today warning her that “servers” containing Apple IDs had been “compromised.” She told Krebs that the automated message instructed her to call a 1-866 number to continue using her phone. Another “Apple” call was made earlier that day, but she didn’t answer it.

Worryingly, both calls were spoofed to look like they came from Apple’s actual support number.

The caller contact card was even listed as Apple Inc. and contained Apple’s actual street address.

Westby then contacted Apple Support directly. She was informed by actual Apple staff that the earlier calls were indeed fraudulent.

Apple Phishing Calls
Jody Westby / Global Cyber Risk

But her iPhone couldn’t tell — it had lumped the scam calls in with the actual phone call in the Phone app’s recent calls section. That made it look like she had missed several calls from Apple.

She told Krebs that the scam is convincing enough to fool a lot of people.

“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby told Krebs. “This was so convincing I’d think a lot of other people will be falling for it.”

But the audio message that the calls play provide a different number. Krebs gave it a call and heard an automated system that said he had reached Apple Support. A person soon came on the line. When Krebs asked about the breach, he was put on hold and disconnected.

This isn’t the first report of the sophisticated phishing scam, either. Earlier today, Fantastical developer Michael Simmons said in a tweet that he received a similar call that spoofed Apple’s actual support number.

Like most phishing attacks, the scammers are likely attempting to elicit Apple ID credentials, personal details, or financial information from their targets using social engineering. While many phishing scams are easy to spot, this one is worryingly convincing.

What Should I Do?

We’ve previously written about avoiding phishing scams and Apple has its own resource on the matter. But these new tactics complicate matters.

  1. If you want to avoid being phished, your best bet is to hang up on any unsolicited calls that appear to come from Apple. The firm doesn’t cold call users.
  2. Once you disconnect, contact Apple Support directly through a verified medium and let them know about the call.

As Krebs points out, it is incredibly concerning that Apple’s devices can’t tell a genuine call from a scam one. Though, with the publicity, it’s likely Apple will soon investigate and attempt to mitigate the issue.

Sponsored
Social Sharing