Maybe you like fishing, but you certainly don't like phishing. That is the use of a fake document sent via email or text, that appears to be a real request for information from a company you trust. For example, if you bank with Wells Fargo, you might receive an email from the bank that looks legit, and asks for certain information (like a social security number) for some reason. For example, the email could say that Wells Fargo needs your social security number because of a computer glitch, or because it needs to confirm the number every few years. Once the hackers get that number from you, they could empty your bank account. Other phishing ploys tell you that you need to make a certain call, or visit a certain website to correct a problem.

According to KrebsonSecurity, a new phishing scheme is trying to separate Apple iPhone users from their hard earned money. One iPhone user who was targeted turned out to be Jody Westby, the CEO of security firm Global Cyber Risk LLC. Westby received a recorded call on her iPhone that appeared to be from Apple. When she answered the call, a tape message said servers containing Apple ID numbers had been compromised, and that she had to call a specific 1-866 number before using her iPhone again. The information generated by the call (see image at the bottom of this article) would have tricked most people into believing that it came from Apple since it contained the correct address in Cupertino, and the real customer support phone number. There was one minor change that most people wouldn't have noticed; there was no "s" at the end of the "http" in the web address.

Westby called the real Apple Support number and was informed that the call she just received did not come from them, and was a scam. Meanwhile, KrebsonSecurity dialed the number that the message from the fake call had told Westby to dial (866-277-7794). That number was answered by an automated system claiming to be Apple Support, and eventually a man speaking with an Indian accent picked up the phone. The caller said that he was told to dial this number because of a problem with his Apple ID, and the bogus Apple Support rep hung up.

While it isn't obvious from what went down in this situation, the intention is to use the fake call to get an unsuspecting iPhone owner to call the bogus Apple Support number and pay for some unnecessary tech support. So be forewarned. If you answer a call from a number you don't know, and the caller starts asking for personal and financial information, or wants a credit card number to pay for some sort of tech support, hang up immediately.

Screenshot 2019-01-06 11.34.52.jpg

Data generated by a fake call claiming to be from Apple. Note the incorrect web address. The other two calls not highlighted were from Apple