Apple Warns iPhone Users Not To Answer Apple Support Calls

iPhone users have been warned not to answer calls from Apple unless they have specifically requested one using the official Apple online support page. This comes off the back of a rash of spoofed support calls that have become increasingly sophisticated in their efforts to get access to Apple iCloud accounts. How sophisticated? How does displaying the Apple logo, address and correct support telephone number grab you? Here’s what you need to know.

The scam

The telephone calls are straightforward phishing, the same as you will no doubt have seen countless times in your email. They have more success because most people still aren’t expecting voice to be used in such social engineering scams. The scammers employ caller-ID spoofing techniques to impersonate the real telephone number of the service they claim to represent. For this particular threat that will most commonly be Apple support, although I have been told by those on the receiving end of such calls that AppleCare and Apple customer service have also been used in an attempt to gain the trust of the victim.

By spoofing that number and displaying the Apple logo, the fraudsters hope that the person answering the call will be less suspicious than if they were taking an unsolicited call from a number they didn’t recognize. This kind of brand recognition leverage is high on the phishing 101 list of ways to garner victim trust. It’s why telephone scams supposedly from Microsoft support, which don’t have the same trust-enhancing methodologies, tend to be less successful. As the fact-checking site Snopes confirms, “if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support web page, the fake call gets indexed in the iPhone’s recent calls list as a previous call from the legitimate Apple Support line.”

The bait will vary but is always going to be a variation on the theme that your account has been compromised, that there’s been a data breach or that there has been suspicious activity in your iCloud account. The latest bunch of these calls have been automated, with a message telling the user to call a number that purports to be Apple support, complete with estimated waiting times and convincing welcome messages and call purpose options. Sometimes the user will be asked to “press 1” to connect to a support advisor. In all cases, the danger-to-your-data story will be spun out and you will be asked to confirm your iCloud account credentials.

What Apple says

The Apple support presence on Twitter is, unsurprisingly, getting regular tweets from concerned iPhone users who have received such a call and want to know whether it is genuine and whether their accounts have been compromised. The response is almost always the same: “Your security is our number one priority. You can find more information about phony calls and learn how you can report them by following the steps from this article here.”

If you follow that link, it will take you to a support post entitled “Avoid phishing emails, fake ‘virus’ alerts, phony support calls, and other scams”, which has a section covering suspicious telephone calls. Apple says that users should always verify a caller’s identity before providing any personal information. However, while that advice might seem logical, it is often harder in practice than it sounds. As I’ve already pointed out, the scammers are getting increasingly sophisticated in their methods of convincing potential victims that they are genuine. Caller-ID spoofing makes it ever harder to separate fiction from reality. I think Apple could easily delete most of the advice it gives in this section and just leave the final line: “If you get an unsolicited call from someone claiming to be from Apple, hang up and contact us directly.”

Apple will never ask you for your Apple ID password, iCloud credentials or verification codes in order to provide you with support. Simple as. Never. And talking of verification codes, Apple also advises iPhone users to activate two-factor authentication as an additional layer of security to protect your account.

[“source=forbes”]