Perhaps it’s just a result of the holiday season, but it seems that scammers are once again ramping up their efforts to deceive users into giving up sensitive personal information — this time by making calls purporting to be from Apple and Amazon.
A recent consumer information bulletin published by the U.S. Federal Trade Commission is warning consumers about these robocalls, which have been on the rise lately in an attempt to try and get users to provide details such as credit card numbers and account passwords.
The FTC has posted two examples of the most common versions of the scams in its bulletin, although there are most certainly other tactics that scammers are taking as well.
The first example is a call that purports to be from Amazon, with a recorded message telling recipients about a suspicious, “unauthorized” purchase from their Amazon account, in this case, an “iPhone XR 64GB for $749” while then saying that “to cancel your order or connect with a customer support representative” they should press “1” or remain on the line.
The FTC notes that other versions of this are also making the rounds, including messages that claim lost packages or problems fulfilling recent orders.
In the second example, a recorded message from “Apple Support” claims that there has been “suspicious activities in your iCloud account” and “that your iCloud account has been breached,” encouraging you to immediately contact an Apple support advisor “before using any Apple device” by pressing “1” to connect to an Apple Support advisor or contacting them later at a supplied “toll-free” number (that actually isn’t a toll-free number).
While the FTC bulletin doesn’t go into any specifics about what happens next, it’s not too hard to figure out that the bogus “Amazon customer support representative” or “Apple support provider” will likely start asking for personal information such as credit card numbers and passwords in order to cancel your alleged Amazon order to help secure your supposedly hacked iCloud account.
In both scenarios, the scammers say you can conveniently press 1 to speak with someone (how nice of them!). Or they give you a phone number to call. Don’t do either. It’s a scam. They’re trying to steal your personal information, like your account password or your credit card number.FTC Consumer Information Bulletin
The FTC goes on to provide some blunt advice for how to deal with such calls, which can’t be emphasized enough — simply hang up.
Don’t even waste your time pressing “1” to speak to anybody or calling a phone number they give you. If you actually suspect that there could be a problem, you can easily contact Amazon, Apple, or any other company using a known phone number or website.
However it’s worth noting that Amazon does not call customers via telephone to confirm orders or address problems with orders — this is always done via email — and similarly, Apple does not address iCloud account security problems in this manner either. If an iCloud account has been compromised seriously enough to warrant Apple taking this kind of action, Apple would simply lock out the account entirely and wait for you to call them.
Fighting Robocall Scams
The Federal Trade Commission (FTC), Federal Communications Commission (FCC) and various other U.S. government agencies have been working for years on implemented technologies such as SHAKEN/STIR that promise to help aggressively block these kinds of robocalls, and in fact at this point, all of the major U.S. carriers are required to implement the system by the end of June, 2021, although Verizon has already been proactively working with Apple to implement built-in call filtering features in iOS 14.
That said, as promising as SHAKEN/STIR is, it won’t eliminate all types of robocalls, since it’s only designed to authenticate the number displayed on your iPhone’s incoming Caller ID, making sure that it’s not being spoofed. So while SHAKEN/STIR will prevent a scammer calling you from a number that looks like it’s officially Apple or Amazon support, it won’t prevent them from simply using another throwaway number that looks like it could be legitimate.
At the end of the day, however, the best defense against such scams is to recognize them for what they are, and never give out any personal information over the phone unless it’s on a call that you’ve placed to a number that you know for certain is trustworthy and valid. You can also try a service like Call Control, which uses AI to intelligently block spam calls.