The New Year has brought us a new scam, and thankfully, it’s all over the news. I’ll keep this short because it is being reported widely, but I do want to add my own two cents. What’s happening is that spoofers are calling people pretending to be from Apple.
What is Spoofing? If you’ve ever heard of a movie spoof, it’s a movie that imitates characters from another movie, and the characters are imitated poorly for comedic effect. In the context of technology, spoofing is when communication is sent from an unknown source imitating a known source. But in this context, it’s not funny. It’s basically Phishing, only instead of a fraudulent email, it’s a fraudulent phone call.
Spoofers have figured out how to make it so your caller ID makes it look like you’re receiving a call from Apple. What compounds this, is that many people have a contact card saved in their Contacts for Apple (Apple put it there). When these spoofers call you, your iPhone matches the caller ID with the contact card on your iPhone and displays Apple’s info, making the call look authentic.
So what do they want? Oh, maybe they want you to know that credit card on file with the App Store is about to expire, or maybe they want to inform you that your Apple ID account is missing information and so they need to verify your password. I haven’t talked to them, but it really doesn’t matter what they want, the bottom line is this: Never ever give sensitive information to someone over the phone when they have called you!
Think about it… why would Apple call you? Perhaps if you called them for help and you’ve asked that they call you back, or perhaps your Mac is at the Apple store being repaired. Even still, why would they need your Apple ID password, or your credit card information? They don’t need that information, and they’re not going to call you randomly to ask for it.
So what should you do? I already mentioned the most important thing to NOT do, but the next thing you should do is delete Apple’s contact card from your iPhone. I’ve never used it, and I bet most people have never used it either. This may not be enough though, the spoof call will still display Apple’s number, even if your Apple contact card is not there to authenticate it. A few other things you can do; don’t answer the phone if it seems suspicious, or, if you do speak to someone and it sounds legitimate, politely hang up the phone anyway, and call back using a number you know and trust.
Be safe, be smart, and spread the word!