Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
A bunch of fraud alert signs and the Apple logo.

Original photo by geralt on Pixabay


Beware Spoofed Calls from Apple

Security journalist Brian Krebs has uncovered a sophisticated new phishing attack: a call that appears to be from Apple and plays an automated message warning of a data breach (for the last such scam, and additional advice, see “Beware “iCloud Breach” Phone Scam,” 23 May 2018). Fortunately, the scammer called Jody Westby of Global Cyber Risk, who knew to hang up and request a call from Apple Support to see if there really was a breach (there wasn’t, of course). The spoof was so convincing that the iPhone’s recent call list confused the call from the scammer with the calls to and from the real Apple.

The best approach at this point is to accept calls only from people or businesses you know personally or when you’re expecting a call. And in general, if you ever do receive an unsolicited but legitimate-sounding call that claims to be from Apple or some other company, hang up, look up the right number on your own, and call back manually.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Beware Spoofed Calls from Apple

Notable Replies

  1. Oh yes, and I have received several variations on the scam. Two days ago I received a thank you for a recent order that I never made for something called “Last Battleground: Mech” I did a search on that title and found an Apple forum (not official) stating this was a scam and to report it to Apple as a phishing scam. I have also received telephone calls and emails stating that my Apple account has been frozen. Best to not respond or click on any links.

  2. Phone scammers spoofing the source of calls is an old thing. Apple is just the latest flavor.

    FCC is offering a bounty ($25K I think) for a tech to trace these back.

    But the core of the problem is the switching design of the world wide phone system expected all connections to be from trusted agencies. VOIP blows that out that premise and so far the only fixes proposed wreak the existing world wide system.

  3. My ISP has NOMOROBO support, it’s decent, but doesn’t really fix the issue (phone still rings, but only once). I have a policy where I will never answer the phone unless it comes from a known source AND is something I am expecting. If it a legit source, they will try and leave a message and I then will always pick the phone up. If my phone announces it is coming from Apple, I will pay attention to see of someone is trying to leave a message, otherwise it’s a robocal plain and simple, wherether it comes FROM Apple or any scammer.

  4. And the phone numbers that show up are from ACTUAL Apple Stores! That is why in the message the crooks give a different phone number to call.

  5. The telcos should not let such calls complete as they can determine whether or not the number shown on caller id is the actual number assigned to the person/location of the call.

  6. On my answering machine the outgoing message starts with the 3 Special Information Tones that denote a non-working number. That is followed by my message: “Due to telemarketing, we no longer answer our phone in person. Please leave a short message after the beep and we’ll get back to you as soon as possible.”

    Between the SIT and the message, telemarketers hangup right away; sometimes even before the the recording has only played for a second or two!

  7. It’s not that simple. In today’s world, many business calls originate over completely different paths (often a completely different “telco”) than those used to terminate calls (where the number is associated).


  8. In that case there should be a “verification” process that it is legit at each switch/handoff with a trace record kept from source to target. If, as you say, that is impossible then I don’t see why everyone is upset at the NSA. :wink:

  9. As I said, the world wide standard for interconnection was built assuming that only trusted “things” would be connected. So if a call setup command said it was from 123-456-7890 then it was trusted to be so. PBX systems were a crack in that system back in the 70/80s.

    The switch from circuit switching to packet switching and then VOIP from almost anywhere broke it entirely. So we now have the mess we have.

    Can we change it? Sure. Get every phone company on the planet to agree. Or even the G50 or G20.

    Yep. Sure thing. After the mess of the “big switch” you’d have a planet where you have at best trusted country codes and un-trusted country codes. But getting to that would be incredibly non trivial.

  10. Hi Dennis

    Regarding answering machine with Non-Working number tones

    I used to have a similar answereing machine (from vTech I think) but after 8 years it died and they no longer seem to offer it.
    Who do you use?

  11. It is sad but the only way to deal with nuisance calls and scammers is to have the answering machine on all the time and monitor it for genuine calls.
    Australia has a government-run “do not call” register that some telemarketers respect but others seem to use it as a source of phone numbers.
    I like the dead-line tone idea at the start of an answering machine message. How do I find a copy of the tone, apart from calling your number? :slight_smile:

  12. Well, I have read and heard about such scams maybe since 2 or 3 years ago, along with those fake Microsoft scams. A little Google search brought me to some reports at filed by people even since 2017. It’s an old scam, folks. I think we all should have been quite familiar with them.

  13. There are several apps that specialize in doing this, mostly for free, so I don’t see the point of having Apple embark on what is clearly a major effort to maintain a new database of spammers, especially in the current environment where the calling numbers are fake and can change with every call.

  14. Jerome, I just recorded the SIT tones from my iMac via iTunes to my answering machine and then continued
    with my message.

  15. That is what I’ve done for years. If we’re home and we recognize the Caller ID, we pick up; if we don’t recognize the CD, then we wait to see if they start leaving a message and again pickup if we recognize who is calling.

  16. Well I thought we were years from such a fix but they have it now. Well sort of. We have a standard that is just now at the start of implementation. And my guess was correct. The world will be split into levels of trust.

    And at some point caller ID processing will have to be updated to handle more information displayed about the calling numbers. Most (likley all) of those boxes attached to land line will never get an update. A LOT of smaller business PBX systems will not either. Enterprise level PBXs will likely get to pay big $$$ for software upgrade options. But then the question is how to deal with the handset displays.

    Cell phones running things like iOS and Android will get it. But likely only if you upgrade to the latest OS a year or two from now. Older models and those cheap Andriod phones sold on grocery store end caps will not see it. Neither will flip phones and such sold to low income people.

    So caller spoofing will then only really work on the poor and people who don’t want to upgrade their phones. Cell and land line. But of course land lines are dying out as the owners die off of old age.

    See this for an overview.

  17. “They have it now” might be optimistic. That whitepaper is referring to RFC 8226 which is a standards-track proposal that’s less than a year old (February 2018). The proposal does a certain amount of handwaving around the notion of how to determine who is “authorized to claim authority over a telephone number.”

    The proposal leverages the existing PKI used for TLS (“https”) certificates, which certainly should speed implementation and adoption, but like the quest to get to a secure web, even after all the technical pieces are in place (itself in the future) it could still be years before adoption is widespread enough to make a difference.


Join the discussion in the TidBITS Discourse forum


Avatar for jcenters Avatar for ron Avatar for romad Avatar for cbjorgen Avatar for alvarnell Avatar for jwking Avatar for mpainesyd Avatar for raleighthings Avatar for tidbits41 Avatar for thomasdavis