Hacker allegedly posed as Apple Support to scam user out of $1,500

Apple iPhone

Donna Francis, of Baden, in Beaver County, western Pennsylvania, says that she initially ignored an incoming call purporting to be from "Xfinity Apple Support." When she later called Xfinity directly, the company had no knowledge of her alleged call, and recommended that she phone Apple. Xfinity does not have an Apple support division.

Francis then says she dialed the support number on Apple's website which she said she got from her packaging from the iPhone. She says that the call was answered by a woman who took down her information, and then was routed through to someone who warned her about hacking attempts.

"He said, 'You don't want to waste any time, people from Russia and China are hacking into your account,'" Francis told Pittsburgh Action News. "He said, 'They've just charged $5,000 to your account."

With that information, the person on the phone persuaded Francis to allow the fraudster to remotely install software onto her iPhone.

"Before I knew it," she continues, "he was opening up my Huntington [bank] account and I said, 'Why are you opening up my Huntington account?' He said, 'This is where I think they're taking money.'"

"He was sending $1,498 — that's what I had in my account — to himself," says Francis. "And I said, 'What are you doing? You're supposed to be helping me!'"

Reportedly the person then ended the call and Francis appears to have permanently lost almost $1,500. According to Pittsburgh Action News, the local bank branch manager said it looks to the bank as though she approved and sent the money to this person.

Francis has reported the incident to the bank, the local police, and the FBI. Pittsburgh Action News also contacted the FBI, saying that the number Francis reportedly dialled is the correct Apple Support one, so it must have been intercepted.

"I think that's probably technically possible," an FBI official is reported to have said. "But we aren't seeing any trends of huge incidents of that happening locally or nationally."

How to protect yourself from a similar fraud attempt

The incident is not one where hacking tools were applied directly to the iPhone, nor applied without an interaction by the phone's user. Instead, this attack was executed by a combination of perhaps a cell intercept, paired with a social engineering attack, convincing the user to install the remote access software. The report isn't clear about which remote access software was installed, or how it was done.

In regards to the caller ID information saying that it was some sort of Xfinity Apple Support — US caller ID information isn't always reliable. It isn't difficult for a fraudster to spoof a caller ID display, for a number that a user doesn't have in their Contacts on an iPhone.

If it were some kind of cell intercept, the FBI's information about not seeing a trend is significant because a scam that nets $1,500 is not worth the cost of any potential intercept hardware.

Assuming Francis separately looked up Xfinity's number rather than tapping on her iPhone's Recents to call back, then Xfinity reporting that they don't have an Apple Support desk should have been the end of the entire matter.

Furthermore, Apple support or security personnel won't ask users to install remote access software, because there is no legitimate reason to do so. Instead, they recommend an Apple Store visit to evaluate the device.

Additionally, Apple support personnel would have no information on any ongoing hack of a user's bank in real-time.