A recently discovered type of iOS phishing scam is adopting some interesting new tactics — and you should be on the watch for them.
The phishing attack was first reported by Ars Technica’s Sean Gallagher. At first glance, it might appear similar to previous Apple-related scams: it uses a phishing email to push users to a fraudulent Apple website.
That website informs potential victims that their device has been “locked due to detected illegal activity.” It also instructs them to call a fake support number to get their account and device “unlocked.”
But the scam also displays a system dialog box with the fraudulent phone number. It’s the exact same “call or cancel” box that pops up when you legitimately tap on a phone number in iOS.
Gallagher actually called the number while reporting on the scam to get more information about it. Apparently, he was connected to someone who identified themselves as “Lance Roger from Apple Care.” Lance Roger reportedly got suspicious and hung up.
In addition, Ars Technica noted that the scam appears to be related to another malicious attack that uses compromised mobile device management services to push malware onto a user’s device.
- The scam is first sent out via email to addresses associated with Apple iCloud, Ars Technica reports.
- That email will be formatted to look like an official iCloud correspondence. It will maliciously tell users that their accounts may have been compromised or accessed by a third-party, saying that “someone just used your password to try to sign into your profile.”
- The email will then attempt to get users to click on a link, which redirects a browser to a fake Apple Support page.
- On iPhones, the dialog box triggered by that page is for a standard cellular call. But on iPads and iPod touch devices, it might instead open a dialog box for a FaceTime session.
- Adding another layer of fake authenticity, the webpage will also display the user’s device type and model.
- Presumably, once victims are connected to the fake number, the attack will carry on like a traditional tech support scam — which could lead to a compromised account or stolen funds.
Jeremy Richards, a threat intelligence researcher at Lookout, told Ars Technica that mobile phishing attacks are more likely to succeed because users tend to be distracted or inherently trusting of their smartphones.
- The first step is to be suspicious of any email or other correspondence that appears to be from Apple.
- You should not click on any links within unsolicited emails, or tap “call” on a dialog box that appears without your input.
- If you didn’t choose to initiate a phone call, tap Cancel.
Also, take note of the small details. An attacker might claim to be from “Apple care” — which is a nonexistent entity.
AppleCare is a warranty service, while support technicians are part of Apple Support. Those types of small inaccuracies can give a scam away if you pay attention.
Again, if in doubt, don’t tap on anything. If you’re concerned about your account security, your best bet is to contact Apple directly from a legitimate URL — like Apple.com or iCloud.com.