Highly Sophisticated Apple Vishing Scam Identified

A sophisticated Apple vishing scam has been exposed. Unlike most phishing attempts, which use email, this scam used voice calls (vishing) that appeared to come from Apple.

The scam begins with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the probability that the call will be answered. The user is told that there has been a security breach at Apple and that user IDs have been compromised. Users are advised that they must stop using their iPhone until the problem has been resolved. They are asked to call Apple support back for additional information, and a different telephone number is provided for this purpose.

The scam was reported to Brian Krebs (KrebsOnSecurity) by a woman who had received such a call. Krebs phoned the number provided, and the call was answered by an automated system. He was then transferred to an “Apple” customer service agent with an Indian accent. After he was placed on hold, the call was disconnected. Although the purpose of the attack was not determined, Krebs thought this was an attempt to obtain credentials over the telephone.

Vishing is commonly used in tech support scams, which claim that the user has a malware infection that requires downloading (fake) antivirus scanning software. That software is often spyware or malware, or the user is made to pay for help in getting rid of the malware.

This iPhone vishing scam differs from previous scams in that the call appears to come from Apple Inc. and is shown as such on the iPhone, together with Apple's actual contact information (address, website, and telephone number).

The woman who received the call suspected it was a scam and requested a call back from Apple support through the official Apple webpage. The customer service representative told her that it was most likely a scam and that Apple does not contact customers by phone to inform them of security breaches.

When the call was finished, the official call was grouped together with the scam call in the call history, further suggesting that both calls, the scam call and the official call from Apple, were genuine. It is concerning that even though different phone numbers were used for each call, the iPhone was unable to differentiate them. The woman who received the call was the CEO of the security company Global Cyber Risk LLC and was therefore well versed in the methods used by scammers to obtain confidential information. However, less security-conscious people might be deceived by such a convincing Apple vishing scam.