phishing


'phishing' Articles

Apple Store in Southern California Warning Customers About Fraudulent Phone Calls

Apple is warning customers who receive unsolicited phone calls claiming to be from the Apple Store at The Americana at Brand shopping complex in Glendale, California, as fraudsters appear to be posing as representatives of the store as part of a phishing scheme aimed at stealing customer information. The following automated message plays when calling Apple The Americana:Apple is aware that some customers are receiving unsolicited calls claiming to be from this Apple Store. If you receive an unsolicited call, you should not provide any information to the callers. For more information on cybercrime and ways to protect your computer, visit www.fbi.gov/investigate/cyber. Also, if you feel you have been a victim of fraud, please contact your local police. If you would like help changing your Apple ID password, please visit support.apple.com.Apple did not immediately respond to our question asking if any customer information has been compromised, but it did point us to a previous instance of this warning at its River Park Square store in Spokane, Washington in October 2017. In that case, the local CBS affiliate KREM 2 reported that customers in Spokane received phone calls from a number that appeared to be the local Apple Store, advising they talk to a "support advisor" who informed customers about a false "breach in cloud security" in an attempt to steal their information. Our understanding is that Apple temporarily adds this automated message to stores associated with an increase in fraudulent behavior in an effort to protect customers. Apple is far from the only

Apple Phishing Scams Growing More Advanced, With Latest Spoofing Apple Phone Numbers

Phishing scams attempting to get info out of Apple users are nothing new, but scammers are growing more clever and scams are getting harder to distinguish from actual Apple communication. On his Krebs on Security site, security researcher Brian Krebs today outlined one of the latest phishing scams he's seen, where an incoming phone call appears to be from a legitimate Apple support line. As described by Krebs, Jody Westby, CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone warning her that services containing Apple user IDs had been compromised. The message asked her to call a 1-866 number, and in the Phone app, the call looked like a call from Apple, with the number listed as 1(800)MYAPPLE, the name listed as Apple Inc., and with Apple's Infinite Loop website. Westby contacted Apple support via the official Apple Support page and asked for an employee to contact her. She was assured that the call was not legitimate, but when looking in her recent calls list, she saw that real support call had been lumped in with the fake call. Original scam call info on the left, with scam call info lumped in with actual Apple support call on right. The scammers spoofed Apple's phone number and the iPhone was unable to distinguish between the real and fake calls, making it look like Westby had, in fact, been contacted by Apple multiple times, when that was not the case. Westby told Krebs that this is a convincing scam that people may fall for."I told the Apple representative that they ought to be telling people about this, and he

Developer Demonstrates iOS Phishing Attack That Uses Apple-Style Password Request

Developer Felix Krause today shared a proof of concept phishing attack that's gaining some traction as it clearly demonstrates how app developers can use Apple-style popups to gain access to an iPhone user's Apple ID and password. As Krause explains, iPhone and iPad users are accustomed to official Apple requests for their Apple ID and password for making purchases and accessing iCloud, even when not in the App Store or iTunes app. Using a UIAlertController that emulates the design of the system request for a password, developers can create an identical interface as a phishing tool that can fool many iOS users.Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it's literally the examples provided in the Apple docs, with a custom text. I decided not to open source the actual popup code, however, note that it's less than 30 lines of code and every iOS engineer will be able to quickly build their own phishing code.Though some of the system alerts would require a developer to have a user's Apple ID email address, there are also popup alerts that do not require an email and can recover a password. The phishing method that Krause describes is not new, and Apple vets apps that are accepted to the App Store, but it's worth highlighting for iOS users who may not be aware that such a phishing attempt is possible. As Krause says, users can protect themselves by being wary of these popup dialogues. If one pops up, press the Home button to close the app. If the popup goes away, it's tied to the app and is a