Jan 13, 2019
A sophisticated Apple vishing cheat has been found. Contrary to most phishing attempts that use electronic mail, this cheat used voice calls (vishing) with the calls seeming to have come from Apple.
The cheat begins with an automatic voice call to an iPhone that parodies Apple Inc. The caller display demonstrates that the call is from Apple Inc., enhancing the possibility that the call will be replied. The user is advised that there has been a safety breach at Apple and user IDs have been compromised. Users are informed they must stop using their iPhone until the problem has been solved. They are requested to call back Apple support for additional information and a different telephone number is provided for this reason.
The cheat was informed to Brian Krebs (Krebs on Security) by a lady who had received such a call. Krebs telephoned the number provided, and the call was replied by an automatic system. He was then redirected to an “Apple” customer facility agent with an Indian pronunciation. After being placed on hold, the call was disconnected. Although the purpose of the attack was not decided, Krebs supposed this was an attempt to get identifications over the telephone.
Vishing is usually used in tech support cheats which claim the user has a malware infection that needs the downloading of (bogus) antivirus scanning software. That software is often spyware or malware, or the user is needed to pay for help in getting rid of the malware.
This iPhone vishing cheat differs from previous cheats as the call seems to have come from Apple Inc., and is shown as such on the iPhone, together with actual contact information (address, website, and phone number).
The lady who received the phone doubted it was a cheat and requested a call back from Apple help through the official Apple webpage. The customer help representative advised the lady that it was most likely a cheat and that Apple doesn’t get in touch customers by telephone to inform them of safety breaches.
When the call was finished, the official call was grouped together with the cheat call in the call history, further indicating that all calls – the scam call and the official call from Apple – were all genuine. It is perturbing that even though different phone numbers were used for each call, the iPhone was not able to differentiate them.
The lady who received the call was the CEO of the safety company Global Cyber Risk LLC and was for that reason well conversant in the methods used by scammers to get confidential information. However, less safety conscious people may be deceived by such a persuading Apple vishing cheat.