
Scammers are starting to target iPhones with clever phishing attacks


Matrix


Beware of popup dialogs on your phone that want you to dial a number

 

2018-07-30-image-23.jpg

Be warned: Tech support scams have become so rampant that numerous YouTubers spend all of their time ratting these fake companies out and wasting the time of the scammers in the process. Most of the time Windows PC users are the target, but I have seen some that try to dupe Mac users as well.

Now it appears that these con artists are trying to break into the mobile scene with convincing warnings and websites targeted at iOS devices. The scammers use a phishing email to direct users to a fake Apple website.

According to Ars Technica, “The intricacy of the phish and the formatting of the webpage could convince some users that their phone has been 'locked for illegal activity' by Apple, luring users into soon clicking to complete the call.”

It appears that the scammers are trying to lure users into signing up for a fraudulent Apple “security service.” However, it really allows the bad actors to push malicious apps to the user’s phone.

The emails are cleverly designed to look like official iCloud communications. One example reads:

“[username], Critical alert for your account ID 7458. Sign-in attempt was blocked for your account . Someone just used your password to try to sign in to your profile.”

Below the warning was a “Check Activity” button which linked to a compromised website for a men's salon in India.

The user is then redirected through a couple of other sites before landing at an official-looking Apple Support page. However, the domain name "applesecurityrisks" is highly suspicious. This page uses JavaScript to trigger a dialog box on an iPhone to place a phone call to “Apple Care.” On other Apple devices, the script tries to launch a FaceTime call.

2018-07-30-image-24.jpg

It also pushes a warning screen to the device saying it has been “locked due to illegal activity” (above image) in the hopes of scaring users into completing the call.

When Sean Gallagher with Ars Technica called the number, he was greeted by someone calling himself "Lance Roger," and he claimed to be an Apple Care technician. Gallagher tried to root out more information during the call, but the man got suspicious and hung up on him.

Ars Technica alerted Apple to the scam, and the website has since been tagged as “deceptive” by Google and Apple.

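A defender-side triage of the two signals described in the post above (a brand lookalike host name, and a page that starts a phone or FaceTime call from script rather than from a tapped link), as an added example that is not part of the original post or the Ars Technica report. The brand and domain lists, the `.example` host and the sample markup are assumptions constructed for illustration.

```javascript
// Added example, not code from the article. Brand tokens and legitimate
// domain suffixes below are assumptions chosen for illustration.
const LEGIT_SUFFIXES = ["apple.com", "icloud.com"];
const BRAND_TOKENS = ["apple", "icloud"];
const CALL = "(?:tel|facetime|facetime-audio):";
const Q = "[\"'`]";

// Ways a page can navigate to a call URI without the user tapping a link.
const AUTO_CALL_PATTERNS = [
  ["script-assign", new RegExp(`location(?:\\.href)?\\s*=\\s*${Q}${CALL}`, "i")],
  ["script-method", new RegExp(`location\\.(?:assign|replace)\\(\\s*${Q}${CALL}`, "i")],
  ["window-open", new RegExp(`window\\.open\\(\\s*${Q}${CALL}`, "i")],
  ["meta-refresh", new RegExp(`<meta[^>]+http-equiv=["']?refresh[^>]+url=\\s*${CALL}`, "i")],
  ["frame-src", new RegExp(`<i?frame[^>]+src=["']?${CALL}`, "i")],
];

// True when the host name contains a brand token but is not the brand's own
// domain or a subdomain of it. Coarse: "pineapple.example" also matches.
function isBrandLookalike(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  const legit = LEGIT_SUFFIXES.some((s) => host === s || host.endsWith("." + s));
  return !legit && BRAND_TOKENS.some((t) => host.includes(t));
}

// Combine both signals; neither alone is enough to call a page suspicious.
function triagePage(url, html) {
  const { hostname } = new URL(url);
  const autoCalls = AUTO_CALL_PATTERNS.filter(([, re]) => re.test(html)).map(([n]) => n);
  const lookalike = isBrandLookalike(hostname);
  return { hostname, lookalike, autoCalls, suspicious: lookalike && autoCalls.length > 0 };
}

// Constructed samples (placeholder TLD and phone numbers, not from the article).
const SCAM_PAGE = `<html><body><h1>Support</h1>
<script>window.location.href = "tel:+15555550100";</script></body></html>`;
const BENIGN_PAGE = `<html><body><a href="tel:+15555550101">Call support</a></body></html>`;

console.log(triagePage("https://applesecurityrisks.example/", SCAM_PAGE));
console.log(triagePage("https://support.apple.com/", BENIGN_PAGE));
```

An ordinary `<a href="tel:...">` link is deliberately not matched, because it dials only after the user taps it.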

[Note: Please don't misunderstand my comment which is not a reaction to your article, which is only a catalyst.]

 

The seeds of destruction are inherent in any construction. That is: the dark and light are two sides of the same coin. More striving for security does nothing but increase insecurity.

 

(It was stated so succinctly, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.")

 

 That's how it is. 

 

@DonyMach1, Thank you:flowers:

 

 

 



Archived

This topic is now archived and is closed to further replies.
