Compared to Google's Android ecosystem, Apple iOS is the safest sanctuary for mobile users against malware and other cyber-related crimes. But, lately, hackers are upping their game to breach the high-walled garden of the iOS.
In the latest attempt, a well-organised cybercrime syndicate tried to dupe an Apple iPhone owner Jody Westby, but fortunately, the latter was an expert in the aforementioned field and easily thwarted it.
Jody Westby is the CEO of Global Cyber Risk LLC, a Washington, D.C. based security consulting firm. "Westby received an automated warning call on her iPhone that Apple suffered a security breach on multiple servers compromising Apple user ID details and was asked to call the 1-866 before doing anything else on the iPhone" KrebsOnSecurity blog reported.
Apparently, Westby had received similar a day before but ignored it. Now, after hearing the call, she immediately went through the caller ID details. It had an almost immaculate description of an authorised call enough to fool ordinary consumers. It had Apple Inc. With the logo, accurate Apple Support number and office address, but the eagle-eyed Westby noticed the company's website address had just 'http', which gave the fact it was a fake. [Note: All secured and original company websites have 'https'].
Westby later called up the official Apple Support and got to know that last call was not from an authorised help centre, but most likely a scam. Westby urged the concerned person to escalate the issue to the higher-ups and let the other consumers know of this phishing attempt.
Also read: Everything you need to know about Phishing
KrebsOnSecurity took the phone details sent to Westby and dialled 866-277-7794. Then, they apparently were received by an automated message saying they have reached Apple Support and require them to wait for one minute 30 seconds to meet the customer care executive. After the time-gap, a person with an Indian accent spoke asked the KrebsOnSecurity personnel reason for the call. The latter said to have received warning message of Apple server breach and is here to know about his Apple User ID is safe or not. To that, the executive asked to wait for a minute. But, probably getting a hint this call might be a spoof from a knowledgeable person, he disconnected it.
Though this attempt didn't bear any fruits to unearth the scam, there is ample evidence of organised crime syndicate trying to phish financial details or syphon money by charging fees for non-existent issue on iPhones.
Here's how to protect yourself from phishing attacks on iPhones or any smart devices:
- Make sure you have reputable anti-virus software on your PC and phones
- Also, keep your email app (Gmail) on the mobile updated at all times (Google regularly releases anti-phishing security patches for Gmail on both Android and iOS versions)
- Never respond to emails from an unknown person and it goes without saying, never click the URL links present in that mail
- If you have downloaded a file from a mail, make sure to scan it again with the anti-virus app
- If email sender is not related to you or your work. Tag the mail as spam and block them.
- Make sure you have registered your mobile number with the bank so that you get credit/debit alerts every transaction you make
- Never ever open a website with non-https URL (Uniform Resource Locator)
- Never ever divulge User ID, Password, OTP, URN, Debit Card Grid values with anyone on email or SMS
- Always remember no bank or IRS (Internal Revenue Service) in the US (Income Tax in India) official or Apple customer care for that matter, will ever ask you to divulge bank card or credit card details on a phone call or an SMS or an email. If there is an issue, you should always go to your bank branch or nearest IT office or Apple Store for enquiry.
