Telephone scams involving Apple and its services are nothing new, but few have so much potential to fool even attentive users like this one, recently described by the CEO of security consulting firm Global Cyber ??Risk, Jody Westby.
The executive says that, a few weeks ago, she received an automated call stating that the security of her Apple ID was compromised and she should contact Ma through a number informed in the call itself. Westby naturally took a step back, but when he saw the information on the phone he had just contacted, surprise: the Phone app showed him as a number on his own Apple, with the Ma logo, Cupertino address and everything.
Still suspecting, the executive contacted Apple's real support, requesting a call through the official website of the service. Speaking with a real Ma specialist, she confirmed that the previous call was fake and that the company never gets in touch via calls, especially automatic calls.
Westby contacted the security researcher Brian Krebs, who called the number provided on the first call and spoke for a few minutes with an Indian-accented attendant; when informing that the call was about a possible security breach in an Apple account, however, the attendant put the call on hold and disconnected moments later.
It is not very difficult to imagine that an unsuspecting user, upon realizing that the first number to contact Apple apparently, will believe the whole story and pass on all their access data to the attendant on the second call. What no one knows at the moment is how the scammers managed to list a number that is not from Apple as the company's suspicion of some kind of manipulation on search engines and listing of commercial establishments, sources from which Ma takes the information to display the information. information of the number calling you.
So, let us always be attentive: nothing to go out trusting anyone who calls saying it is Apple or any other company; The recommended procedure is to contact the company by other means, such as email or the official website, and check if that link is legitimate before informing any personal data.