
Scammers are starting to target iPhones with clever phishing attacks

By Cal Jeffrey
Jul 30, 2018
  1. Now it appears that these con artists are trying to break into the mobile scene with convincing warnings and websites targeted at iOS devices. The scammers use a phishing email to direct users to a fake Apple website.

    According to Ars Technica, “The intricacy of the phish and the formatting of the webpage could convince some users that their phone has been 'locked for illegal activity' by Apple, luring users into soon clicking to complete the call.”

    It appears that the scammers are trying to lure users into signing up for a fraudulent Apple “security service.” However, it really allows the bad actors to push malicious apps to the user’s phone.

    The emails are cleverly designed to look like official iCloud communications. One example reads:

    “[username], Critical alert for your account ID 7458. Sign-in attempt was blocked for your account [email address]. Someone just used your password to try to sign in to your profile.”

    Below the warning was a “Check Activity” button which linked to a compromised website for a men's salon in India.

    The user is then redirected through a couple of other sites before landing at an official-looking Apple Support page. However, the domain name "applesecurityrisks" is highly suspicious. This page uses JavaScript to trigger a dialog box on an iPhone to place a phone call to “Apple Care.” On other Apple devices, the script tries to launch a FaceTime call.

    It also pushes a warning screen to the device saying it has been “locked due to illegal activity” (above image) in the hopes of scaring users into completing the call.

    When Sean Gallagher with Ars Technica called the number, he was greeted by someone calling himself "Lance Roger," and he claimed to be an Apple Care technician. Gallagher tried to root out more information during the call but the man got suspicious and hung up on him.

    Ars Technica alerted Apple to the scam, and the website has since been tagged as “deceptive” by Google and Apple.

    Image courtesy Ars Technica

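The landing page described in the article combines three signals a mail gateway or web proxy can check: a brand name in a host that is not an Apple domain, script that starts a `tel:` or FaceTime call without a tap, and the "locked" scare text. The sketch below is an added example, not code from the article or from Ars Technica; the trusted-domain list, the scoring weights, the `.example` hosts and both sample pages are assumptions constructed for illustration.

```javascript
// Added example, not from the article. Sample pages and hosts are constructed.
const BRAND = "apple";
// Assumption: domains treated as genuine; adjust for your environment.
const TRUSTED = ["apple.com", "icloud.com"];

// True when the host name uses the brand but is not under a trusted domain.
function isLookalikeHost(pageUrl) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  const trusted = TRUSTED.some((d) => host === d || host.endsWith("." + d));
  return !trusted && host.includes(BRAND);
}

// Script-driven navigation to a call scheme, i.e. no tap on a visible link.
const AUTO_CALL =
  /(?:location(?:\.href)?\s*=|location\.(?:assign|replace)\s*\(|window\.open\s*\()\s*["'`](tel|facetime(?:-audio)?):/gi;

function findAutoCallSchemes(html) {
  const found = new Set();
  const scripts = html.match(/<script\b[^>]*>[\s\S]*?<\/script>/gi) || [];
  for (const block of scripts) {
    for (const m of block.matchAll(AUTO_CALL)) found.add(m[1].toLowerCase());
  }
  return [...found].sort();
}

function triage(pageUrl, html) {
  const lookalike = isLookalikeHost(pageUrl);
  const autoCall = findAutoCallSchemes(html);
  const scare = /locked\s+(?:due\s+to|for)\s+illegal\s+activity/i.test(html);
  const score = (lookalike ? 2 : 0) + (autoCall.length ? 2 : 0) + (scare ? 1 : 0);
  const verdict = score >= 3 ? "block" : score > 0 ? "review" : "allow";
  return { lookalike, autoCall, scare, verdict };
}

// Constructed lure page: placeholder number and address, reserved .example host.
const LURE_URL = "https://applesecurityrisks.example/support";
const LURE_HTML = `<h1>Your iPhone has been locked due to illegal activity</h1>
<script>
  if (/iPhone/.test(navigator.userAgent)) window.location.href = "tel:+10000000000";
  else window.location = "facetime:placeholder@host.invalid";
</script>`;

// Constructed benign page: a visible tel: link the user must tap themselves.
const BENIGN_URL = "https://salon.example/contact";
const BENIGN_HTML = `<a href="tel:+10000000000">Call us</a>
<script>console.log("loaded");</script>`;

console.log(triage(LURE_URL, LURE_HTML).verdict, triage(BENIGN_URL, BENIGN_HTML).verdict);
```

The regex only catches call schemes written as string literals in inline script, so obfuscated or externally loaded script needs rendering in a sandboxed browser instead.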

  2. jobeard

    Well done & thanks for the text of the Phishing attempt.