Avoiding a Sophisticated Phishing Scam

One evening, I was caught off guard by a series of password reset prompts on my Apple devices, despite having Lockdown Mode enabled. This was the start of a sophisticated phishing attempt documented by Krebs in 2024. The attackers cleverly used Apple's legitimate password reset flow to spam my account. They even went as far as contacting Apple Support, impersonating me to open a real case, which triggered genuine Apple emails to my inbox.

The real twist came when 'Alexander from Apple Support' called me. He was calm, knowledgeable, and initially offered sound security advice, which made him seem credible. However, his true intentions became clear when he sent me a link to a fake Apple site, audit-apple.com, which was a perfect replica of Apple's interface. The site displayed a fake chat transcript and a Sign in with Apple button, all part of the scam.

I realized something was amiss when I could enter any case ID on the site and get the same result. It was all a charade. I confronted 'Alexander' about the phishing attempt, and he promptly hung up. Fortunately, I had recorded part of the call, which Jamie Marsland used to create a video demonstrating how convincing 'Alexander' was.

To help others avoid falling for such scams, remember these rules: never approve unsolicited password-reset prompts; Apple will never call you first; and always verify URLs in emails claiming to be from Apple. Genuine Apple Support URLs are apple.com and getsupport.apple.com. Awareness is your best defense against these attacks.

Thanks to Peter Rubin and Jamie Marsland for their assistance in sharing this experience.