Posted on 04/12/2016 8:29:34 PM PDT by Swordmaker
Apple Phishing scam doing the rounds
Phishing is a technique used by cybercriminals that fishes for sensitive information via email and now mobile.
Apple users should be on high alert after a fresh SMS phishing scam was exposed that uses sophisticated online trickery in an attempt to compromise Apple ID credentials. Commenters on social media first reported the issue in early April after receiving a suspicious text message that read: "The Apple ID associated with this number is due to be terminated. To prevent this, please confirm your details at supportatapple.com Apple Inc."
Screenshot of the Apple phishing scam being sent to mobile users via text messageScreenshot /Graham Cluley
Phishing is a popular technique used by cybercriminals that 'fishes' for sensitive information via email and now mobile by purporting to be sent from a legitimate contact or business and fooling an unsuspecting user into clicking a malware-ridden link. Often, these scams are bolstered by information gleaned from social media profiles such as Facebook, LinkedIn and Twitter to appear convincingly personalized.
In this latest case, if a user clicked the embedded link they would be sent straight to a replica website that has been created to mirror the real Apple login page. However, as security-conscious web users would quickly notice, the URL for the page is appleexpired.co.uk and, upon inspection, is not an official link.
If clicked through, the user would be asked to input personal information including date of birth, telephone number, address, and credit card details to 'verify' their account. Yet as reported by security researcher Graham Cluley, no matter what was entered the website would bring up a message saying the Apple ID had been 'locked for security reasons'. At the same time, all your data would be sent straight to the server of the cybercriminal responsible for setting up the scam.
"The phoney website... is designed to grab your personal information and pass it straight on to online criminals," said Cluley, who also posted images of the fake website in question. "They could use those details to commit fraud, or sell your credentials on to other crooks on the computer underground. That's obviously even worse news if you have made the mistake of reusing your passwords across the net."
He added: "One obvious question remains. Where did the attackers get the list of names and mobile phone numbers from to target their potential victims with the initial phishing SMS message?" IBTimes UK contacted Apple for comment however had received no response at the time of publication.
While most security-minded internet users are unlikely to easily fall for such a scam, unsuspecting victims may not be accustomed to the common warning signs of phishing scams such as dodgy URL links, bad grammar or unsolicited requests for personal information.
Indeed, according to a fresh Internet Security Threat Report released by Symantec on 12 April, phishing is becoming an effective cybercrime technique. "Cybercriminals are increasingly moving towards more complex email threats, where malware authors, ransomware creators, fishers, and scammers will seek to exploit what they perceive to be the weakest link in the chain humans," the detailed annual report found.
Furthermore, for firms that perhaps should know better, phishing remains a viable threat. Recently, technology firm Snapchat was successfully targeted by such an attack that resulted in the loss of internal payroll data of its California-based employees.
Everyone should be on high alert and not talk with anyone claiming to be from some computer support group that you didn’t call first.
I have a laptop and get calls from people claiming to be from Microsoft support group.
Naturally I tell them I am not interested and hang up.
Pinging dayglored for his ping list for PC people who also use iPhones.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
I had a nice conversation with a woman at the FBI and she gave me a website to report the incident. The website is really intuitively named so victims of this scam can find it easily:
You can see how any one can figure out how to find that, just from it's name, can't you? NOT! TIGTA stands for Treasury Inspector General for Tax Administration. . . and that's even really intuitive to find. The FBI gal and I had a good laugh over it as well.
I played the scam guy along for a while before he hung up on me.
You can tell by the URL that it is fake. Phishing catches stupid people. You have to wonder how they were smart enough to have anything worth taking.
Good idea! This is a nasty one... and I'm one of those "PC people who also use an iPhone" myself...
Any other iPhone users among us Windows users? Look out!! ... PING!
Thanks to Swordmaker for the ping!!
Phishing also catches the huge number of people who don't analyze whether a URL is exactly the same as the real company's, even assuming they have the background to do so. And those people, whether "stupid" or merely "uninformed", are in the VAST majority.
Show a left-hand-thread bolt to 100 people and ask them to describe it. 99 will only tell you "It's a bolt", and if you're lucky, 1 in 100 will mention "with a left-hand thread".
You (and I) might say "Well you can tell by the angle of the thread that it's left-handed", but the vast majority of people don't even know what to look for.
Same with URLs.
I hope the .UK URL would have alerted me.
The ones who call pretending to be from Microsoft are told that I don’t even own a computer.
I got a call once from "Windows, Inc" trying to tell me that my computer was infected. . . "Windows, Inc?" sez I, "aren't they the people who make all those great Microsoft computers?"
"Yes sir." he sez. "We do indeed!"
"Why, I have one of their best models. . . a Microsoft Mac. . . right here in front of me!"
"Yes, sir! That's the computer we're calling you about. It's infected with a dangerous EXE virus and we need to help you get rid of it. I need you to go to the START button on the bottom left of your screen. . . "
Me: "Uh, what's a 'start' button? I don't see any 'start' button."
He: "It's on the tool bar at the bottom, on the left."
Me: "The only thing I see is a square blue and white face with a smile on it that pops up with a lot of other icons. Is that it?"
He: "What? No. . . let's try this. Are you already running Internet Explorer?"
Me: "No. What's an Internet Explorer? Is that a game?"
He: "It's a browser. You use it to browse websites on the Internet. You don't use Internet Explorer? What do you use?"
Me: "Oh, I use Safari. Why, what does it matter?"
He: "What anti-virus are you running?"
Me: "I don't. Mac's don't need any."
He: "But we called because our scan showed your Windows computer is infected with viruses, malware, and adware . . . "
Me: "No, YOU called to scam me, because I don't HAVE a Windows computer. . . "
CLICK!
Sounds like you had fun with that chump.
They didn’t fool me with this scam. Just shows how naive most Apple buyers are. They think they buy immunity when they buy Apple’s outrageously overpriced products. As PT Barnum said, “A sucker is born every minute”
You don't have any Apple products, Baron. All you have in stock are lies.
Anyone fool enough to buy overpriced apple devices can afford to be ripped off by Bulgarians and Nigerians fishing exploits. They need to eat too!!! And have large families.
A TOOL AND HIS MONEY ARE SOON PARTED!
The FBI paid professional hackers to crack the San Bernardino terrorist's iPhone, it has been reported.
Researchers are believed to have created a piece of hardware which could get around the four-digit pin code jihadi Syed Farook used to get into the device.
They were able to design the technology after they found a flaw in Apple's software that had not been previously discovered, the Washington Post reported.
The hackers also managed to get into the phone without triggering a security feature that would have erased all of the data.
Sources told the newspaper they were paid a one-time fee for the work.
http://www.dailymail.co.uk/news/article-3537229/FBI-paid-professional-hacker-break-San-Bernardino-terrorist-s-iPhone.html
Priceless!
I'd enjoy hearing your conversation with tax scammer.
That is very funny Swordmaker. Sometimes it’s fun just to play with them a bit.
Here is one of my favorites:
https://www.youtube.com/watch?v=kAb8vGSRBoE
Trust the Baron Dennis Won Munchausen to turn it into an insult to all Apple users.
Very interesting article if true, Dennis. But what is even more interesting is that what was described there is a FEDERAL CRIME which the FBI is charged with tracking down, arresting, and bringing those who commit such crimes to justice!
White Hat crackers survive because they report the hacks they find to the manufacturers of the devices they hack so the vulnerability can be patched. Black hat and gray hat hackers are CRIMINALS, selling their hacks to people who intend to use them for profit. That is a crime as defined by FEDERAL LEGISLATION. If he FBI facilitated such an act, without arresting those responsible, they they are just as responsible for committing the act. No wonder they do not want to reveal who supplied the unlocking of the iPhone 5C.
All they had to do was ask the Chinese government since Apple had no problem at all giving the Chicoms the source code.
My daughter had her IPhone and IPad bricked when someone called in that they were stolen.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.