A new voice phishing scam is targeting iPhone users in a clever new way: by making calls appear to be coming directly from Apple Support.
Brian Krebs reported today that a user, Jody Westby, received a call that appeared to come from Apple Support, asking her to call back. The caller information shown on the call's identity screen appeared to be that of Apple Inc. When she called the 866 number, however, something was clearly wrong.
KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system responded and said that I had reached Apple Support, and that my expected wait time was approximately one minute and thirty seconds. About a minute later, a man with an Indian accent answered and asked the reason for my call.
Playing the part of someone who had received the fraudulent call, I told him that I had been alerted to a violation at Apple and that I needed to call this number. After asking me to wait for a brief moment, our call was disconnected.
Surely, this is just another scheme to separate the unsuspecting from their personal and financial details, and to extract some kind of payment (for supposed technical support services or some such). But it’s surprising that Apple’s own devices (or AT&T, which sold you the phone) can’t tell the difference between a call from Apple and someone trying to fake Apple.
The exploit is unique in that it allows callers to impersonate other callers by essentially polluting search results with junk information that makes a number look like a real business contact number. The number Westby was instructed to call is a known phishing source. Remember: if someone calls you saying that your computer is broken, they are most likely lying. After all, support people will never be proactive when it comes to problems with your computer, only reactive (if that).