As phishing scams become increasingly sophisticated and better able to mirror the brands they’re impersonating, it can be difficult for an informed recipient to spot some of the telltale signs of fraud. A new report suggests scammers have found a way to manipulate even caller ID so that a call appears to come from Apple support.
Security writer Brian Krebs reported on an Apple scam call reportedly received by Jody Westby, the CEO of a cybersecurity consulting firm. According to Krebs, Westby “received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised,” which then directed her to call a 1-866 number. This might seem like enough of a red flag to brush the call aside, save for the fact its caller ID showed up in her phone with Apple’s real support number, web address, and street address. What’s more, her phone reportedly couldn’t tell the difference between the scam call and Apple’s real support line. Per Krebs’ report:
Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.
Westby said the Apple agent told her that Apple had not contacted her, that the call was almost certainly a scam, and that Apple would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.
Krebs said he contacted the number provided to Westby in the automated message and was briefly connected with someone before the call was disconnected. Krebs said he believed that the scam was intended to solicit personal or financial details from unsuspecting victims.
This call is concerning, as Krebs noted, for its apparent ability to fool Apple devices, the phone’s carrier AT&T, or both into grouping scam calls in with legitimate support lines. Westby may have been tipped off by any number of red flags, but she told Krebs that the call “was so convincing I’d think a lot of other people will be falling for it.”
The Apple scam seems particularly sophisticated, but even those with obvious warning signs can lure in unsuspecting targets. Earlier this week, a phishing scam masquerading as a PayPal giveaway was promoted on Twitter for at least 30 minutes before it was taken down. And in December, the U.S. Federal Trade Commission warned of a phishing scam disguised as a support email from Netflix. In most cases, these schemes are merely numbers games.
As Krebs notes, if a call raises any real concern that a device has been jeopardized, the best thing to do is contact the support line on the company’s website to avoid falling victim to potentially phony numbers being surfaced through search engine manipulation.