
Malicious websites trick iOS users into calling fake Apple Care customer service numbers

via: cnBeta.COM     time: 2018/7/31 11:46:13

Tech support scams get a makeover

In recent years, with the rise of the mobile Internet and smartphones, "tech support scammers" have begun to focus on mobile. Because many people's lives are closely tied to their mobile devices, these users have become the scammers' new, lucrative targets.

Jeremy Richards of Lookout, a mobile security service provider, said:

People are more distracted and trusting when using mobile devices, so phishing attacks against mobile devices are more likely to succeed.

E-mail addresses associated with Apple's iCloud services are vulnerable to this type of phishing scam. The security researcher tried calling the "customer service number" shown on the page, and the person on the line claimed to be "Lane Roger from Apple Care."

According to the scam's script, the user first receives an email with an alarming subject line, such as "User [xxxx], your account XXXX has a serious warning". It closely mimics the official format, but a discerning eye will always find something unnatural.

For example, the fraudulent email may warn that a login attempt on your account (e-mail address) has been blocked, and that someone has just tried to use your password to access your personal data.

But clicking the "check activity" button below takes the user to a fraudulent website hosted somewhere in India.

The page redirects the victim to another website using obfuscated JavaScript. That website then redirects again to applesecurityrisks.xyz, a fake Apple Care support page.

Worse still, it uses the tel: scheme to trigger dialing. After a click, the iOS device attempts to initiate a FaceTime call.

An animated dialog box on the screen urges the victim to confirm the call. After all, their device has supposedly been "locked down for illegal activities". In fact, the page's script determines the type of the user's device from the browser's User-Agent (UA) string.

window.defaultText=
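One way a defender might triage captured page source for the behaviour described above (script-triggered dialing, User-Agent checks, "device locked" scare text). This is an added example, not code from the scam site or the original report; the patterns, the `triage` function and the sample pages are constructed assumptions.

```python
import re

# Heuristic signals for the behaviours the article describes. The patterns are
# assumptions for illustration; the real scam page's source is not shown here.
SIGNALS = {
    # Script navigates to a dialer URI by itself instead of waiting for a tap
    # on a visible <a href="tel:..."> link.
    "scripted_dial": re.compile(
        r"(?:location(?:\.href)?\s*=|location\.(?:assign|replace)\s*\(|window\.open\s*\()"
        r"\s*[\"'](?:tel|facetime(?:-audio)?):", re.I),
    # Script reads the browser's User-Agent string to pick a device branch.
    "ua_sniffing": re.compile(r"navigator\.userAgent", re.I),
    # Scare text claiming the device is locked or blocked.
    "lock_scare": re.compile(
        r"\b(?:locked|blocked)\b.{0,80}\b(?:illegal|suspicious)\b", re.I | re.S),
}

def triage(page_source):
    """Return (verdict, matched signal names) for one captured page."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(page_source))
    if "scripted_dial" in hits and len(hits) > 1:
        return "suspicious", hits   # auto-dial plus device check or scare text
    if "scripted_dial" in hits:
        return "review", hits       # auto-dial alone: needs a human look
    return "clean", hits            # no scripted dialing found

# Constructed samples (placeholder numbers), not taken from any real site.
SCAM_LIKE = """
<script>
if (/iPhone|iPad/.test(navigator.userAgent)) {
  window.location.href = "tel:+1-000-555-0100";
}
</script>
<p>Your device has been locked for illegal activity. Call Apple Care now.</p>
"""
DIAL_ONLY = "<script>location.assign('tel:+1-000-555-0101')</script>"
BENIGN_LINK = '<a href="tel:+1-000-555-0102">Call our store</a>'

if __name__ == "__main__":
    for name, src in [("scam-like", SCAM_LIKE), ("dial-only", DIAL_ONLY),
                      ("benign", BENIGN_LINK)]:
        print(name, triage(src))
```

Because the article says the redirect script was obfuscated, a check like this is only meaningful on the rendered DOM or deobfuscated script, not on the raw response body.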

Fortunately, security researchers have passed the technical details of the phishing scam website to members of Apple's security team. Although the malicious website is still active, Google and Apple have flagged it as "fraud".

[compiled from: Ars Technica]
