Several months back, iPhone users were warned not to answer calls from Apple unless they had specifically requested one through the official Apple online support page.
The reason behind Apple's warning
This was due to sophisticated spoofed support calls coming in droves that had the goal of obtaining access to users' Apple iCloud accounts. The fraud was so elaborate, tricks like the inclusion of the Apple logo, address, and correct support telephone number were used.
Does any of this ring a bell? If not, it's cool. We got you covered on everything you need to know about this scam.
An elaborate scam
We're living in a vulnerable security age occupied by rampant robocalls, as spammers find elaborate ways to annoy and con you out of your money, privacy, or both. As with the iCloud scam, all calls claiming to protect your account were outright phishing, like what you'd typically see in your email's inbox. These scammers are clever in the sense that they know most folks don't expect voice to be used with something so technical. They employ tactics like caller-ID spoofing that impersonates the real telephone number they claim to represent. This tactic has been used fraudulently as "Apple support," or in some instances, "AppleCare" and "Apple customer service."
How do people fall for this?
By showing the Apple logo, the scammer's goal is that the person answering the call will be less suspicious than if they were taking a call from an unknown name and number. This ploy is a favorite among scammers as they attempt to gain trust from a potential victim. Unfortunately, this tactic works. What happened in this iCloud breach was a bunch of calls with a recorded message lying about accounts being compromised went out to random users. All calls direct the user to call another fictitious number posing as Apple support to fix the issue.
What happens if I complete all the call prompts?
It's the classic bait and switch. Once users go through the call prompts and confirm their iCloud account credentials, it's over. It's like handing over the keys to your house to a stranger.
What is Apple doing about it?
The official Apple support on Twitter has been bombarded with tweets from concerned users worried about this whole iCloud scam situation. Because of this, Apple posted some tips on how to avoid scammers on the support section of their site.
Perhaps the most critical part of Apple's advice is the assurance it gives suspected victims, saying "If you get an unsolicited call from someone claiming to be from Apple, hang up and contact us directly." This approach works for people who are less technologically inclined.
Apple has been forced to address all security matters much quicker than they have in the past, especially with recent concerns over its iOS platform. Security and privacy is something Apple holds near and dear to its brand, as it has become a huge differentiator when compared to its competitors.
How can I avoid being scammed?
In the end, know that Apple will never ask you for your Apple ID password, iCloud credentials or verification codes to provide you with support. Regardless, to be on the safe side, we recommend setting up two-factor authentication to your iCloud. This provides an extra shield of security to your Apple ID and iCloud credentials.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!