My call with a Fake Apple Support artist


It was, no exaggeration, the sixth call on my landline(!) in two hours. Each time, “Molly’s” soothing voice informed me there was “a breach in my Apple iCloud account.” The recording recommended I hit “1” to talk to a “support adviser.”

The first few times I got this call, I hung up. The third time, I hit “1” and when the support adviser with a thick Indian accent got on the line asking how he could help, I told him I wasn’t sure, adding, “I was responding to a call you made to me.” He quickly hung up.

For some reason, this did not deter them, and they called again and again. Finally, I decided to play along.
I waited patiently until a support adviser joined the line. He told me the support alert originated from “Apple’s Automated Server,” which had identified a breach or compromise of my iCloud account.

To help me, the support adviser told me, he’d have to investigate my systems and account.

Obviously, I knew he had no interest in helping me and every interest in accessing my personal info. I wanted to know how he planned to do this and, within reason, to get as close to his end-game as possible, without jeopardizing my system or computer.

If you’re wondering how I knew this was a scam call, there were many obvious tell-tale signs.

· He was calling my home phone. Apple doesn’t have that number anywhere in its system.

· Apple would never call me. In the event of a breach, they might contact me directly through email and ask me to check my account and change my password (they would not send a link).

· I have two-factor authentication enabled on my iCloud account. Anytime I sign into a new device, I must authenticate it on another physical Apple device that I already have in my hand.

Since I didn’t challenge my support adviser in his contention that I was under attack, he plowed ahead and asked me if I was on my computer. I was. I set up my Surface Pro, so I could take notes during our call.

“Do you connect to public Wi-Fi?” he asked me.

“I connect to my home Wi-Fi,” I answered, though I knew what he was asking.

“No, I mean when you are out.”

“Yes,” I said, sounding ashamed, “I connect to those Wi-Fi networks.”

He said that’s probably where the attack originated.

As we spoke, I could hear voices in the background and envisioned a large room full of “support advisers” carefully reeling in dozens of potential scam victims. How many, I wondered, would end up duped?

The support adviser asked about my Web browser and then told me to find my search bar, clear it out (again, I let him guide me, so I seemed like I knew something, but not a lot, about technology) and then type in this exact phrase: “establish support connection with apple.”

I asked him to hold on as I was typing slowly. In reality, I was opening an incognito Web browsing page for a bit of added security.

“I’m on my Windows computer. Will you still be able to diagnose my Apple devices through it?”

“Yes.”

I typed in the phrase “establish support connection with apple.” The first result was, “Establish Support Connection — GoToAssist” from FastSupport.com. I clicked the link and landed on a surprisingly austere page. On it were just two text-entry boxes and a large blue “Continue” button.

“This doesn’t say Apple,” I told the Support Tech. “Is Fast Support owned by Apple?”

“Yes,” the support adviser lied.

I hit continue and watched as it downloaded the GoToAssist install file.

“It downloaded a file,” I told him.

“No, no, it just wants to connect to your computer.”

“No. There’s now a file here on my PC. Will it harm my computer?” I asked, trying to sound a little nervous and confused.

“No.”

He was right. Simply installing the app, GoToAssist, would not directly harm my PC. The software is developed by the very legitimate LogMeIn, which has been giving people (including me) remote access to their computers for decades.

I sat there staring at the file. It might have been a malware-filled executable masquerading as GoToAssist, but I was pretty sure system infection wasn’t the goal. According to other similar reports on Apple’s own, real support site, these scammers are mostly trying to identify fake problems, so they can sell useless and expensive software and warranty programs.

“Sir, are you still there?” my support adviser asked.

“Oh, yes, sorry, my computer is just slow.”

I installed and soon had a screen that said “apple support” was requesting to connect to my PC.

I quickly decided that this was a step too far. If I connected to this bozo, he’d have access to my system and could basically do whatever he wanted.

He started pushing.

“Sir, connect, so we can scan your computer. It is necessary to join with the Apple session. After connecting to a secure line for Apple, we’ll get into your secure devices.”

I stalled.

“So, I have to connect so you can figure this out? I’m confused. You keep talking about a problem, but I don’t know what the problem is.”

The support adviser kept his cool and pressed on, “We’re only able to find it after we diagnose the real root cause of this problem.”

“Okay,” I said, “but you keep talking about ‘this problem’ and yet I don’t know what it is.”

The support adviser told me that there’d been 25 separate attempts from various locations to access my account.

“But if they were attempts and you rebuffed them, then you’re doing your job and I’m safe, right?”

“Sir,” the support adviser continued as exasperation crept into his voice, “they will keep trying and eventually get your personal, private information.”

By this time, we’d been on the phone 15 minutes. I knew that under no circumstances could I establish this connection and give him control of my computer. The jig was up.

“So,” I said, “I connect to you and then you can access this computer and basically dig around for my personal private information.”

“No, sir. We’re trying to help you.”

“I have a better idea. I’ve had the FBI on the other line, listening in and recording. [A lie, but since he was lying, too, I didn’t feel too bad about it]. They’re thrilled that I kept you on the line so long and have your information and location.”

My support adviser had grown silent, but he was still on the line.

“Pack your bags and enjoy your time in jail.”

click

My “Apple” support adviser hung up and hasn’t called again.