Cybercriminals are using phishing emails to deceive Apple users into calling fake customer support numbers. Security researchers say the scam is spreading rapidly. Reportedly, fraudsters use convincing Apple branding and fake purchase alerts to create panic among users.
The phishing emails usually claim that an expensive Apple product or Apple Pay transaction was made from the recipient’s account. Users are then asked to call a support number immediately to cancel the order or secure their account.
The fake support line functions as a trap the moment users call it. Fraudsters aim to obtain vital personal information. This includes Apple ID passwords, bank account details, and one-time passwords and verification codes. The scammers also convince victims to install remote access software, which they then use to take control of the device.
The fraudulent scheme succeeds as the email messages used in the scam appear authentic. The messages contain fraudulent invoices and order IDs, Apple logos, and urgent alerts. Thus, creating a sense of emergency that makes users skip their verification process.
According to Apple’s official guidance, users should never trust phone numbers or links mentioned in unsolicited emails or text messages. Instead, they should verify transactions directly through their Apple account or official Apple Support channels.
As reported by KnowBe4, users need to follow these tips to avoid falling for this phishing scam:
If you receive an unexpected email claiming that someone used their Apple account to make a purchase, do not call any phone number listed in the email. Instead, go directly to Apple's official website or open the Settings app on the device to check account activity.
Read emails carefully, even if they seem to come from a legitimate source. Unusual formatting or grammatical errors can be warning signs of a phishing email.
Always stop and think before reacting. Cybercriminals often create a sense of urgency to try to pressure people into making fast decisions.
Moreover, the researchers have issued a warning that current phishing attacks use legitimate notification systems, making it difficult for users to identify scammers.
Also read: Top Cybersecurity Companies in Dubai