Buy Today!
Book Cover
The Music Video
You've got to see it to believe it: Check out the "Mister Spam Man" video at YouTube.
Search Dispatches
Archives
May 2019
March 2019
August 2018
July 2018
June 2018
May 2018
April 2018
December 2017
November 2017
September 2017
August 2017
July 2017
February 2017
March 2016
January 2016
November 2015
May 2015
April 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
April 2013
February 2013
January 2013
December 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
Dispatches RSS Feed
Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« April 2018 | Main | June 2018 »

May 10, 2018

Apple-Branded Telephone Scam Permalink

Although this blog is primarily about email and messaging spam or other crime, I believe the information below about a telephone scam is very important.

At the root of this scam is the fact that it's almost as easy to spoof Caller ID as it is the From: field of an email message. In this case, the scammers spoof Caller iD to look like a legitimate number belonging to Apple Technical Support (800-275-2273). This really is Apple's number, but only for calls going to Apple.

The call is a robocall, with a computerized voice saying something along the line of the following (plus or minus poor grammar):

This call is in regards to your Apple account. Our server has detected some suspicious hacking activity on Apple account. Please do not use your Apple devices until you speak with an Apple support representative. Please refrain using financial activity on devices. In order to speak with an Apple support representative right now, please press 1, or else call us back on our toll-free number 1-877-252-8067. I repeat at 1-877-252-8067. Thank you.

If you get tricked into pressing 1 or calling back on the provided number (note, it's different from the Caller ID number, and may vary from the one shown above), you will be guided to hand remote control of your device to the criminal, who will then lock up your machine and its data. To unlock the device, you will be instructed to buy gift cards, and provide the ID numbers to the crooks.

It's extortion, plain and simple, and it will ultimately require you to talk with the real Apple Support to reset your passwords. More than just your day will be ruined.

Some recipients of this phone message knew right away it was a scam because they had no Apple devices or accounts. They're the fortunate ones in this regard. But even lots of Windows users have iTunes accounts, and fear that they've been hacked—when, in truth, they have not.

So, how do you know if you've really been hacked without getting caught up in this scam? Simply log into whatever account(s) you might have that require your Apple ID via Apple software (e.g., iTunes, App Store, iBooks, iCloud, etc.). If there is a problem with your account, you'll find out about it there. But 99.999999% of the time, you'll experience no difficulty, and you have not been hacked. Ignore the phone message, and go on with your life.

Please spread this warning around far and wide.

Posted on May 10, 2018 at 02:04 PM

May 07, 2018

Elaborate iTunes Store Receipt Scam Permalink

So many crooks are lazy, even the phishers who want to trick you into giving up your login credentials to valuable accounts. But the latest iTunes account credentials grifter created a nearly believable and sophisticated-looking email message designed (as is so often the case) to accomplish two things:

  1. Raise your blood pressure by tricking you into thinking someone has already hacked your account and ordered stuff you don't know about.
  2. Trick you into clicking a link whose destination will prompt you to enter your Apple ID and password

Your Apple ID can be pretty valuable, especially if you have preloaded your account with money of your own or gift cards. A determined crook can use your ID to get to other personal information, try to reset your email address and/or password, and even order stuff from the Apple Store (hardware goodies) shipped to them as a gift.

Without further ado, here is the phishing email that caught my attention:

iTunes Receipt Phishing email

Adrenalin-pumped recipients may overlook the grammar and spelling mistakes out of fear for either being charged for stuff they didn't buy or that their iTunes or Apple Pay account may have been hacked. Neither is true, of course, and you can look at your list of purchased items in your iTunes account to prove it to yourself. Additionally, legitimate iTunes receipts never include a "Cancellation Order" link—getting a refund is a royal pain.

But the clincher, as shown in the image above by rolling the cursor atop one of the links, is that the links do not point to apple.com. On a touchscreen device, tap and hold your finger atop a link until the URL pops up for preview.

So, it's important not to freak out while your blood pressure rises with these kinds of scams. Take your time, study the message, and, whatever you do, don't click on any link or attachment.

Posted on May 07, 2018 at 08:56 PM