Tuesday, August 14, 2018

Beware of iOS Phishing Scam that Promises to Connect You to "Apple Care"

The smart people at Ars Technica recently uncovered and reported on a pretty sneaky method that bad guys are using to try to get users to give away their personal data.
As I’ve preached here many times, the most vulnerable chink in the security armor is usually the human one. Social engineering goes back about as long as humans do, and nobody knows that quite like the nefarious types that inhabit the online criminal world.
To that end, the crooks have now come up with a way to trick iPhone users into calling the bad guys' call centers and actually “volunteering” to give away their information.
This particular phish, targeted at email addresses associated with Apple's iCloud service, appears to be linked to efforts to fool iPhone users into allowing attackers to enroll them into rogue mobile device management services that allow bad actors to push compromised applications to the victims' phones as part of a fraudulent Apple "security service."
So… basically the user is tricked into thinking their phone is compromised and will be shut off unless they call a number. Once you call, they use social engineering tactics to get your username and password or to install rogue applications. Either way, once that happens… they own your device.
So be alert! There are lots of scams out there, and the only reason they exist is that, sadly, they work on more than enough honest people to make the effort profitable.
Here’s a link to the entire Ars Technica story on the issue. It’s a somewhat complicated read due to some short descriptions of coding & the web pages involved, but I feel it’s well worth your time to read it.

