BrianKrebs on Nostr: If you're an Apple user and I spoof your phone number in a call to the legitimate ...
If you're an Apple user and I spoof your phone number in a call to the legitimate Apple Customer Support line (800-275-2273), I can force Apple to send you a system level "Apple Account Confirmation" prompt to all of your signed-in devices.
This approach is commonly used by a prolific voice phishing group to convince targets they really are in a support call with an Apple representative.
Today's deep dive into this weird world was made possible in part by a series of live phishing videos, tutorials and other secrets that show in unprecedented detail how these voice phishing scams can be so convincing.
Please share this story widely, because I learned a ton reporting this and frankly the various methods used by these groups to dox and target people are really slick.
From the story: "Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices."
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/
https://youtu.be/F44un1_y2fs
This approach is commonly used by a prolific voice phishing group to convince targets they really are in a support call with an Apple representative.
Today's deep dive into this weird world was made possible in part by a series of live phishing videos, tutorials and other secrets that show in unprecedented detail how these voice phishing scams can be so convincing.
Please share this story widely, because I learned a ton reporting this and frankly the various methods used by these groups to dox and target people are really slick.
From the story: "Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices."
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/
https://youtu.be/F44un1_y2fs