One day, your iPhone received an automated call from Apple (complete with Apple’s logo) warning that multiple servers containing Apple user IDs had been compromised and that you needed to call a 1300 number before doing anything else.

When you looked at your iPhone’s recent call list, you saw this:

That call looked legitimate right?

Unfortunately, if you call that 1300 number, you will be scammed.

What happened?

As you know, if your iPhone’s Contacts app contains your friend’s number and photo, then whenever your friend calls you, her photo will appear. Also, remember that whenever you buy a new iPhone, its Contacts app will contain a default entry: Apple’s contact details (that contain its logo).

Therefore, if you did not delete Apple’s contact details in the Contacts app, Apple’s logo will appear when it calls you.

However, in this case, Apple did NOT call you. A hacker had spoofed the Caller ID. That is, he made his call seemed as if it originated from Apple’s phone number. So, when your iPhone saw the call from ‘Apple’, it automatically displayed Apple’s logo stored in your Contacts app. Your iPhone will also include that spoofed call in the recent call list within Apple’s contact details.

Make no mistake, this is not a fictitious story. It happened to someone who is the CEO of a security consulting company. Fortunately, she was not tricked. Upon receiving this spoofed call, she called Apple Support and verified that it was indeed a scam. Unfortunately, as shown in the screenshot above, her call history with Apple included the spoofed call, which made it very difficult to seperate it from the legitimate call.

Another thing to note. The spoofing of Caller ID is NOT due to a security weakness of iPhones. All phones suffer the same weakness. This is a security weakness in the global telecommunication infrastructure.

Now, here comes a disturbing thought. If Caller ID can be spoofed, that means you cannot really trust whether a phone call indeed comes from the phone number as displayed in the Caller ID. That means a scammer can pretend to be calling from any entity, including the police, corporations, government departments, and so on. That means when it comes to phone calls, you have to increase your level of paranoia and vigilance.

If you want to ensure that phone calls cannot be spoofed, then you need to use an encrypted VOIP app like Signal.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

DON'T GET HACKED!

Related Post

Leave a ReplyCancel reply

Discover more from iSecurityGuru