Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hacker allegedly posed as Apple Support to scam user out of $1,500

A Pennsylvania iPhone user claims that her call to Apple Support was intercepted by a hacker who proceeded to remotely install apps and transfer money out of her bank account.

Donna Francis, of Baden, in Beaver County, western Pennsylvania, says that she initially ignored an incoming call purporting to be from "Xfinity Apple Support." When she later called Xfinity directly, the company had no knowledge of her alleged call, and recommended that she phone Apple. Xfinity does not have an Apple support division.

Francis then says she dialed the support number on Apple's website which she said she got from her packaging from the iPhone. She says that the call was answered by a woman who took down her information, and then was routed through to someone who warned her about hacking attempts.

"He said, 'You don't want to waste any time, people from Russia and China are hacking into your account,'" Francis told Pittsburgh Action News. "He said, 'They've just charged $5,000 to your account."

With that information, the person on the phone persuaded Francis to allow the fraudster to remotely install software onto her iPhone.

"Before I knew it," she continues, "he was opening up my Huntington [bank] account and I said, 'Why are you opening up my Huntington account?' He said, 'This is where I think they're taking money.'"

"He was sending $1,498 — that's what I had in my account — to himself," says Francis. "And I said, 'What are you doing? You're supposed to be helping me!'"

Reportedly the person then ended the call and Francis appears to have permanently lost almost $1,500. According to Pittsburgh Action News, the local bank branch manager said it looks to the bank as though she approved and sent the money to this person.

Francis has reported the incident to the bank, the local police, and the FBI. Pittsburgh Action News also contacted the FBI, saying that the number Francis reportedly dialled is the correct Apple Support one, so it must have been intercepted.

"I think that's probably technically possible," an FBI official is reported to have said. "But we aren't seeing any trends of huge incidents of that happening locally or nationally."

How to protect yourself from a similar fraud attempt

The incident is not one where hacking tools were applied directly to the iPhone, nor applied without an interaction by the phone's user. Instead, this attack was executed by a combination of perhaps a cell intercept, paired with a social engineering attack, convincing the user to install the remote access software. The report isn't clear about which remote access software was installed, or how it was done.

In regards to the caller ID information saying that it was some sort of Xfinity Apple Support — US caller ID information isn't always reliable. It isn't difficult for a fraudster to spoof a caller ID display, for a number that a user doesn't have in their Contacts on an iPhone.

If it were some kind of cell intercept, the FBI's information about not seeing a trend is significant because a scam that nets $1,500 is not worth the cost of any potential intercept hardware.

Assuming Francis separately looked up Xfinity's number rather than tapping on her iPhone's Recents to call back, then Xfinity reporting that they don't have an Apple Support desk should have been the end of the entire matter.

Furthermore, Apple support or security personnel won't ask users to install remote access software, because there is no legitimate reason to do so. Instead, they recommend an Apple Store visit to evaluate the device.

Additionally, Apple support personnel would have no information on any ongoing hack of a user's bank in real-time.



13 Comments

tokyojimu 531 comments · 17 Years

What is this iPhone remote control app that the scammers used? I would love to be able to do that to help my mom. I use TeamViewer on the Mac, but wasn’t aware of any similar software for the iPhone.

DAalseth 3066 comments · 6 Years

Something about this story doesn’t add up. 

M68000 887 comments · 7 Years

When I think about how scam calls are able to come through with fraudulent and incorrect phone numbers showing up - it makes my blood boil.  These people doing this need to be found and put in jail for a long time.  The telecom companies must find a way to put a stop to this either through hardware or software or a combination of both.   Multi billion dollar telecom companies need to do something NOW.  

horvatic 144 comments · 17 Years

Well for one, Apple Support will not call you out of the blue. You need to contact them first. Two, Apple does not use Xfinity at all so that is a very big scam warning right there.
Three, I don't know of any remote control software for any iPhone. So something doesn't add up in this story and how did that person get all of the banking information to take that money. 

dysamoria 3430 comments · 12 Years

M68000 said:
When I think about how scam calls are able to come through with fraudulent and incorrect phone numbers showing up - it makes my blood boil.  These people doing this need to be found and put in jail for a long time.  The telecom companies must find a way to put a stop to this either through hardware or software or a combination of both.   Multi billion dollar telecom companies need to do something NOW.  

Absolutely. There’s no excuse for this insanity to just be left alone. It’s just more laissez-faire “let the market decide” BS allowing the communications companies to do virtually NOTHING. Then there’s Ajit Pai... Who has replaced him?

How is it that our lawmakers don’t find this phone situation to be an egregious systemic problem just from their own personal experiences?? Do they not handle their own phones?

This is part of what makes me feel like my society is just plain insane. We seem to have zero governance over this shit.