The security blog Krebs on Security, by prominent security expert Brian Krebs, recently reported a new phone-based phishing scam that spoofs Apple Inc. The scam starts with iPhone users receiving an automated call that, despite being spoofed, displays the Apple logo, correct phone number, street address and web address (minus the “s” at the end of https://). The message warns of a data breach at Apple in which several servers containing users’ Apple IDs have been compromised. The message concludes with a request that recipients immediately stop all activity on their device and call 866-277-7794 to talk to an Apple customer support representative.
One iPhone user who received such a call was Jody Westby, CEO of Global Cyber Risk LLC. After receiving the automated call, Westby went to the Apple.com support page and requested to have a customer support person call her back. Shortly thereafter, a legitimate Apple agent called and confirmed that Apple had not contacted her, that the call was most likely a scam, and that Apple doesn’t deliver news of a data breach via the phone. But when Westby later looked at her iPhone’s recent calls list, she saw the legitimate call from the Apple Support line was lumped together with the scam call that spoofed Apple.
As scams grow more sophisticated and scammers search for new ways to appear legitimate, phone users, whether Apple users or not, are reminded to be wary of phone calls from unknown numbers. Phone phishing scams will generally invoke a sense of urgency to catch people off guard and thus increase the odds that victims will hand over sensitive personal and financial information.
BBB offers these tips to identify and avoid phishing scams:
- If something sounds suspicious, confirm it by calling the company directly or checking the company website. Don’t click on links in an unexpected email – type the URL for the company into your browser or do a web search to find the right website.
- Don’t click, download, or open anything that comes from an anonymous sender. This is likely an attempt to gain access to your personal information or install malware on your computer.
- Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of unsolicited messages that don’t contain your name, last digits of your account number or other personalizing information.