Posted on February 27, 2021 at 5:00 PM
A recent report has revealed that some hackers are claiming to represent Apple support to scam victims. According to an iPhone user based in Pennsylvania, a hacker intercepted her call to the Apple support team who later transferred money from her bank account after installing malicious apps on her phone.
The user, Donna Francis, stated that she initially did not respond to the calls coming to her phone screen as “Xfinity Apple Support”. But she later called the company directly before being told they have no knowledge of the call. She was asked to call iPhone directly to confirm the call since there is no Apple support division for Xfinity.
Francis later got the Apple support number from the packaging she got from iPhone. She said she called the number and a woman picked the call and took down her details. She was then redirected to another person who advised her about hacking attempts.
With the information, the user on the other line asked Francis to permit the cybercriminal to install software on her phone remotely.
Criminals transferred $1,498 from her bank account
She added that the criminal started logging into her bank account, saying it’s where they are taking the money.
Francis added that the criminal was transferring all her funds in the account ($1,498) to himself. When she confronted the scammer and demand answers as to why they are taking her funds, she said the scammer ended the call.
A report of the incident showed that the scammer succeeded in transferring Francis’s funds from her bank to his own account.
The incident has been reported to the FBI, the local police, and the bank. The bank also confirmed that it looks like Francis had approved the transfer of her funds to the account.
An investigation into the incident showed that Francis did dial the right Apple Support number, but the only explanation here is that the call could have been intercepted.
An FBI official stated that it’s technically possible to intercept a genuine call. But he stated that the incident is not a common one whether locally or internationally.
Hacking tools were not used for the incident
This incident is different from other incidents known by their use of hacking or ransomware activities. There was no use of a hacking tool directly applied to the user’s phone.
Investigation revealed that the incident was executed via social engineering attack as well as phone interception. The threat actors deceived the users into installing remote access software.
But the report didn’t specify how the attack was done or which remote access software was used.
Users should be more vigilant
Although the caller ID information stated that the call was from Xfinity Apple Support’ it probably isn’t. that’s because US caller ID information is not always reliable. Some criminals can easily alter the caller ID details to make it look like they are calling from a different location.
Any kind of scam that profits the scammer only $1,500 are probably not worth an intercept malware, so the FBI could be right that the incident is likely a one-off fraudulent activity not linked to any group.
Also, the investigation revealed that the incident may have been averted if Francis had looked up Xfinity’s genuine number instead of tapping on her iPhone’s call history to call back.
The incident would have been managed earlier without allowing the scammer to illegally transfer her money.
Another indication is the fact that the genuine Apple security personnel or support is unlikely to ask a user to install remote access software since there is no legitimate reason for such action. In several cases, the Apple support team usually asks the user to visit Apple Store to evaluate the device.
Besides, Apple support is unlikely to have any real-time information about an ongoing hack of a user’s bank since that is not their jurisdiction, the report stated.