Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable.
Apple says no such breach occurred, and security researchers, like Troy Hunt of HaveIBeenPwned.com, say the group trying to extort Apple likely has reused credentials from other sites’ password leaks. (We recommend turning on two-factor authentication at iCloud regardless.)
However, media reporting a potential iCloud security failure makes unsolicited calls claiming to be from Apple more credible. My wife wasn’t taken in, but also didn’t immediately dismiss the call. She hung up, and then told me about it. We have Apple devices and both use iCloud, and we have regular issues with iCloud not working precisely as we expect.
While Macworld readers may already know these sorts of calls are a scam, it’s vital to alert friends, family, and colleagues about such calls and help immunize them against falling for one. Many of these services sound and act professional, and have been victimizing Windows users for years.
Below are some of the “tells” for me that it was a fraud, and that you can teach others about:
Apple called unsolicited: I’ve never had Apple call me—a consumer—for any reason I can recollect unless I called them first, and it’s always a human being calling back. Apple notes this on its phishing tips page: “If you get an unsolicited call from someone claiming to be from Apple, hang up and contact us directly.” (Microsoft, Google, and others never place unsolicited calls, either.)
The call was automated: The call used a fairly cheap-sounding computer-synthesized voice. An Apple automated call would be much higher quality, and probably use a real person (or at worst, a Siri…