For those that didn’t hear, owners of iPhones are being targeted in the latest call spoofing campaign. A bad actor is placing calls to iPhones that make it look like the call is coming form Apple. The caller ID is showing Apple’s correct information to include address and web site. If answered, the individual is informed that Apple has had a data breach and that the person needs to call an 866 number.
Like many social engineering type attacks, this relies on creating a sense of urgency for the victim that causes the victim to make a rushed decision and call the 866 number. It is likely that the victim would then be induced into paying for some service or other. Apple has stated that they do not contact customers in this manner. Personally, I have started “verifying” people that call me. In other words, I tell them mail me what ever it is that is so important and then I call the customer service number I get off of the companies web site. What other suggestions do you all have for avoiding bad phone actors?