Scam Apple Tech Support - phone number came from Safari search

Question

Level 1

9 points

Scam Apple Tech Support - phone number came from Safari search

A friend used Safari on her iPhone to search for an Apple Customer Service phone number becuase her bank account had been frozen. The bank indicated there was an attempted data breach and she should have her phone scanned for viruses. The search returned this phone number: * *** ***-****. Upon calling, a man answered the phone, "Tech Support", asked to install Anydesk app and proceeded to indicate that her iphone was in fact infected. The Scammers asked her to sign onto bank accounts, Vemno, and Zelle to check for bad transactions as they were viewing with Anydesk app. They indicated that Vemno and Zelle were in test mode and asked my friend to send test transactions to them. Obviously this was a scam to have her send them money and it was working. They got greedy said that $13000 was being transferred to her bank account and indicated that she should go to the bank and withdrawl that amount in cash while still on the call. She went to the bank, they locked the accounts and assisted my friend in ending the scam call. I believe they would have asked her to wire the money back to them.

Wow, you should never allow anyone to remote to your device and open financial apps etc... I believe that she was frazzled and figured that she called "Apple" so she trusted that the were really helping her to identify malicious transactions. The Vemno transaction failed because the account was locked. The Zelle transactions failed for some other unknown reason and the cash was never withdrawln.

Luckily there wasn't any financial damage but I'm very concerned that her phone is somehow compromised.

The initial search which yeilded the malicious phone number above couldn't be replicated on her phone, her computer, my phone, or my computer using Safari. How was she redirected to this phone number? What can be done to test the integrity of the phone at this point? So far, we wiped the phone and restored from three days prior and checked to see what devices have connections, etc. It's quite possible that the restored data is also compromised. Any help or suggestions would be appreciated. I'm an I/T guy and clearly understand her mistakes so please don't leave sarcastic comments. Thank you in advance for any help you may provide.

[Edited by Moderator]

iPhone

Posted on Aug 1, 2023 4:06 PM

Reply

Answer 1

muguy

Level 10

91,172 points

Aug 1, 2023 4:56 PM in response to Like2Run

Factory reset the device and do not restore it from a backup made after the connection by the outside person.

Reply

Answer 2

Aug 1, 2023 4:27 PM in response to Like2Run

RE: "The bank indicated there was an attempted data breach and she should have her phone scanned for viruses."

Did the bank indicate this? Or a message that claimed to be from the bank – but that was actually from criminals? Given the sandboxing in iOS, it would be very hard to infect an iPhone with a virus (that could automatically spread from one app to another), though criminals might try to get you to install other types of malware.

RE: "How was she redirected to this phone number?"

Could have been through e-mail. Could have been through a Web site. Also could have been through a Web site notification, perhaps one disguised with a copy of a standard iPhone icon (like the System Settings app's icon, or the Phone app's icon), the better to fool the victim.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

"If you believe that your Apple ID has been compromised, or if you might have entered your password or other personal info on a scam website, change your Apple ID password immediately."

Reply

Answer 3

Dec 7, 2023 11:33 AM in response to Like2Run

She wasn’t redirected, she used a link from Google.

She should have paid attention to the source of the number and verified it was from Apple.

If you think your Apple ID has been compromised - Apple Support

Reply

Answer 4

Like2Run Author

Level 1

9 points

Aug 1, 2023 5:46 PM in response to Servant of Cats

Yes, she called the bank, this was not a message.

She said that she opened Safari and searched for "Apple Customers Service". I verified that by looking at the browser history. When I entered the same search term from her phone it found the correct Apple support phone number.

We changed her Apple password and wiped her phone. Restored iCloud backup from three days prior. Just very puzzled that she came across this phone number in Safari. Thank you for inquiring, your comments are certainly some of the same thought I had. I have to believe that she was somehow re-directed since I found the browser history search item.

Reply

Answer 5

3boyzmaw

Level 1

12 points

Dec 7, 2023 11:22 AM in response to Like2Run

I had called Apple support to try to get a referred on Apple TV subscription for $9.99 which I should’ve canceled but it renewed today and it took the money out of my Apple account which I needed. I was supposed to someone there they had me do the any desk and they start looking in having me looking all my accounts. I got out of it because I didn’t want him in my any of my bank account information, is there more I should be able to access my information again even though I have deleted any desk off of my phone

Reply