Phishing attempts targeting Apple users are certainly nothing new, but a report today from ArsTechnica highlights the growing creativity that scammers are using. The report points to how a fake Apple website went as far as to pop up a system dialog box prompting the user to call “AppleCare.”
ArsTechnica explains that this attempt is targeting email addresses associated with iCloud services by emailing a “critical alert” for a blocked sign-in attempt. In the email is a link to check account activity.
When you click that link, you’re taken to a website that disguises itself as Apple’s own support website. You don’t actually get too far on that site, however, as iOS will immediately pop up a system dialog box that prompts a call to “AppleCare.”
India-based tech support scams have taken a new turn, using phishing emails targeting Apple users to push them to a fake Apple website. This phishing attack also comes with a twist—it pops up a system dialog box to start a phone call. The intricacy of the phish and the formatting of the webpage could convince some users that their phone has been “locked for illegal activity” by Apple, luring users into soon clicking to complete the call.
Once connected with the AppleCare wannabe number, a “support” team member attempts to collect information. In ArsTechnica’s case, they were connected to “Lance Roger from AppleCare.”
Phishing emails targeting Apple account holders are absolutely nothing new, but this one takes an interesting stab at attempting to get users to verbally hand over their account details. While it may look clearly deceptive to me and you – people who are familiar with these types of phishing attempts – it’s certainly easy to see how casual iOS users could be fooled.
Engadget reached out to Apple for a comment on this phishing scam, and the company pointed to a pair of resources on its support website that highlight how to spot phishing emails and phony support calls and tools to manage privacy.