- Phishers target Apple users in new scam to steal Apple accounts
- Scam leverages genuine Apple support emails to trick victims
- Always verify by calling Apple and never hand out authentication codes
Would you trust an unsolicited caller claiming to be from Apple if their call matched genuine alerts from Apple’s own website? That creates a sense of trust, and it’s exactly that sense of authenticity that scammers are exploiting in an active campaign targeting Apple users and attempting to steal their account details.
For Apple user Eric Moret, that risk was all too real. As detailed in a Medium blog post, Moret received a text message out of the blue containing a two-factor authentication (2FA) login code, even though he wasn’t trying to log into any of his accounts. A minute later, he received a robocall from Apple reading a 2FA code out loud. Clearly someone was trying to break in.
Shortly after, Moret received a call from a number in Atlanta. The caller said he was from Apple support, explained that Moret’s account was under attack, and said another representative would call him soon. That happened within ten minutes, starting a “25-minute scam” in which the caller walked Moret through the process of resetting his iCloud password.
Here’s the clever part: The scammer created a genuine Apple support ticket for Moret and asked him to verify that it was from a real Apple email address while he was online. The caller was calm and professional, reassuring Moret throughout that the process was correct.
Moret was asked to reset his iCloud password and the caller never asked him to share it. However, the next step was decisive: he was told that he would soon receive a text message “with a link to close his case.”
This text arrived and contained a link to a fraudulent website: appeal-apple.com. That website said the process of securing Moret’s account was in progress and that all he needed to do was enter a code to close the case. At that point, he received a six-digit verification code via text message, which he typed into the website.
That was the bait and switch. The number Moret received did not close the case; it was actually a 2FA code used to access his account. Seconds after logging in, he received an email that, he says, “made my blood run cold.” The email told him that his account had been used to log in on a Mac mini, a device he did not own. It was clear that the scammers had gained access to his account and with it “his entire digital life,” including files, photos, emails, and more.
Trying to placate him, the scammer told Moret that this was all “expected as part of the security process,” but Moret was not convinced. Thinking quickly, he reset his iCloud password a second time, after which the Mac mini disappeared from his account and the fake website began redirecting to Google. He had escaped disaster, but just barely.
How to stay safe from attacks like this
The attack worked because the scammers were calm at all times and did not rush or pressure Moret, which could have raised his suspicions.
But the real trick was Apple’s authentic support email, which exploited a flaw in Apple’s systems: anyone can create an Apple support ticket for anyone else, without verification. That means attackers could start a case using Moret’s email address and send Apple’s support email there, giving weight to their plot.
Still, there are ways to protect yourself from attacks like this. The easiest way is to hang up if you get an unexpected call from someone claiming to work for Apple, and then call Apple directly to check if you’re really at risk.
Beyond that, be careful with 2FA codes and never give them to anyone, even if they claim to be from Apple. Never give these codes over the phone or share “confirmation codes” with anyone else. And always check that a website is a genuine Apple domain, not one that simply uses the company name among other URL elements, as the phishers did here.
And if you really want to stay safe and secure, use a hardware security key. These require you to physically connect the key to your computer to verify your identity, something a phisher will never be able to do.
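The domain check advised above, as an added example that is not part of the original article: a link counts as Apple's only when its host is an allowlisted domain or a subdomain of one, so appeal-apple.com fails even though it contains the company name. The allowlist, the function name and every sample link other than appeal-apple.com are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of registrable domains chosen for this example.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}
BRAND = "apple"


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'other' for the host in a link."""
    if "://" not in url:
        url = "https://" + url  # links in text messages often omit the scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname drops userinfo and port
    if not host:
        return "other"
    # Trusted only if the host IS an allowlisted domain or ends with
    # ".<domain>": the match is anchored at a label boundary on the right.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand name elsewhere in the authority part (a hyphenated name, a
    # left-hand label, or a "user@" prefix) is the pattern the article warns
    # about. This substring test is a heuristic and can over-flag.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "other"


# Constructed sample links; only appeal-apple.com comes from the article.
SAMPLES = [
    "https://support.apple.com/en-us",
    "https://appeal-apple.com/case",
    "https://apple.com.account-check.example/login",
    "https://apple.com@account-check.example/",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```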