- Phishers target Apple users in new scam to steal Apple accounts
- Scam exploits real Apple support emails to deceive victims
- Always verify by calling Apple and never hand out passcodes
Would you trust an unsolicited caller claiming to be from Apple if their call matched real alerts from Apple’s website? This creates a feeling of trust, and it is exactly this feeling of authenticity that fraudsters exploit in an active campaign targeting Apple users and attempting to steal their account details.
For Apple user Eric Moret, this risk was all too real. As detailed in a Medium blog post, Moret received a text message out of the blue containing a two-factor authentication (2FA) login code, even though he wasn’t trying to log into any of his accounts. A minute later, he received an automated call from Apple reading a 2FA code out loud to him. Someone was clearly trying to break in.
Shortly after, Moret received a call from a number in Atlanta. The caller said he was from Apple Support, explained that Moret’s account was under attack, and said another representative would call him soon. This happened within ten minutes, triggering a “25-minute scam” in which the caller guided Moret through the process of resetting his iCloud password.
Here’s the clever part: the scam caller created a real Apple support ticket for Moret and asked him to verify that it came from a real Apple email address while he was on the line. The caller was calm and professional, and everything reassured Moret that the process was flawless.
Moret was asked to reset his iCloud password and the caller never asked him to share it. But the next step was decisive: he was told that he would soon receive an SMS “with a link to close his file”.
This text arrived and contained a link to a fraudulent website: appel-apple.com. This website indicated that the process of securing Moret’s account was underway and that he only needed to enter a code to close the case. At that point, he received a six-digit verification code via text message, which he entered into the website.
It was the bait and switch. Instead of closing the case, the number Moret received was actually a 2FA code used to access his account. Within seconds of entering, he received an email that, he says, “made my blood run cold.” The email in question told him that his account was being used to log in on a Mac mini, even though he did not own any such device. It was clear that the scammers had gained access to his account, and with it “his entire digital life”, including his files, photos, emails and much more.
Trying to placate him, the scammer told Moret that this was all “expected as part of the security process,” but Moret was not convinced. Thinking quickly, he reset his iCloud password a second time, after which the Mac mini disappeared from his account and the fraudulent website started redirecting to Google. He had escaped disaster, but barely.
How to protect yourself from attacks like this
The attack worked because the crooks remained calm and did not rush or pressure Moret, which could have aroused his suspicion.
But the real kicker was the genuine Apple Support email, which exploited a flaw in Apple’s systems: anyone can create an Apple Support ticket for anyone else, without verification. This means that attackers could launch a procedure using Moret’s email address and receive the Apple Support email there, which would give weight to their plot.
However, there are ways to protect yourself against such attacks. The easiest thing to do is hang up if you get an unexpected call from someone claiming to work for Apple, then call Apple directly to see if you’re actually at risk.
Beyond that, be careful with 2FA codes and never distribute them to anyone, even if they claim to be from Apple. Never give these codes over the phone or share “confirmation codes” with anyone else. And always check that a website is a genuine Apple domain, not one that simply uses the company name among other URL elements, as the phishers did here.
And if you really want to stay safe, use a hardware security key. These require you to physically connect the drive to your computer in order to verify your identity – something a phisher will never be able to do.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
