Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New phishing scam masquerades as Apple support call

The latest scam targeting Apple device users is particularly insidious, appearing to come as a call from the company's real phone support number, according to a well-known security researcher.

Those affected are getting a message from a robodialer claiming their online ID has been compromised, Brian Krebs explained on Friday. Checking the iOS Phone app shows the caller as "Apple Inc." and the number as 1-800-MY-APPLE, just like AppleCare. In fact people who have recently been in contact with the authentic AppleCare will see scam calls listed under the same history.

One person targeted by the scam, Global Cyber Risk CEO Jody Westby, called the "1-866" number mentioned in the message, encountering first an automated system but then a real person, who ultimately placed Westby on hold before disconnecting.

Prior to that call Westby had got in touch with an AppleCare representative, who confirmed that the original call was a fake.

Krebs suggests that that as in most phishing incidents the scammers are likely baiting people into handing over personal details or to get direct payment for bogus services. While blocking the robodialer isn't an option for people who need to talk to Apple, the scam should nevertheless be easy to detect, since Apple doesn't cold-call its support clients and the reply number in the message isn't associated with the company.



19 Comments

wood1208 10 Years · 2938 comments

Scammers have been using caller ID number manipulation for a long time. In past, I have received(fake) calls with ID/number displayed coming from IRS, Homeland security, Immigration, town police department and my own phone number displayed as me calling me.

urashid 6 Years · 128 comments

I received a phishing email from a seemingly authentic looking domain:


The phishing link uses some URL shortening / redirecting service so it still appears as https.  Kinda clever.

Didn't do a good job with the language but I hear that is on purpose.

king editor the grate 15 Years · 662 comments

urashid said:
Didn't do a good job with the language but I hear that is on purpose.

Really? That's the thing that is an instant tip-off.

roundaboutnow 13 Years · 755 comments

My 92 year old dad was getting a ton of calls with "Apple, Inc" in caller ID the day after Christmas. He has no Apple devices whatsoever, so it was an obvious scam.

I happened to search spoofing just a little while ago and found this:
https://docs.fcc.gov/public/attachments/DOC-355848A1.pdf

Some action may be forthcoming, but the document above seems more about clarifying definitions, and asking for further comments.

Apparently, there are legitimate reasons to spoof Caller ID. For example, "domestic violence shelters sometimes alter caller ID information to ensure the safety of their residents." I think law enforcement may do this too. There are already rules that forbid fraudulent use, but they are ignored. Maybe finding some other way to legitimately protect callers without spoofing can be figured out, then the current spoofing technique can be disabled entirely.

MplsP 8 Years · 4047 comments

Caller ID spoofing is getting to be a major problem - it's time they actually come up with a better system that prevents it.