Beware Spoofed Calls from Apple


(Josh Centers) #1

Originally published at: https://tidbits.com/2019/01/05/beware-spoofed-calls-from-apple/

Phone scammers have found a way to make their phony calls look like they’re coming from Apple. Don’t be fooled!


(Charles Bjorgen) #2

Oh yes, and I have received several variations on the scam. Two days ago I received a thank you for a recent order that I never made for something called “Last Battleground: Mech” I did a search on that title and found an Apple forum (not official) stating this was a scam and to report it to Apple as a phishing scam. I have also received telephone calls and emails stating that my Apple account has been frozen. Best to not respond or click on any links.


(David Ross) #3

Phone scammers spoofing the source of calls is an old thing. Apple is just the latest flavor.

FCC is offering a bounty ($25K I think) for a tech to trace these back.

But the core of the problem is the switching design of the world wide phone system expected all connections to be from trusted agencies. VOIP blows that out that premise and so far the only fixes proposed wreak the existing world wide system.


(paulc) #4

My ISP has NOMOROBO support, it’s decent, but doesn’t really fix the issue (phone still rings, but only once). I have a policy where I will never answer the phone unless it comes from a known source AND is something I am expecting. If it a legit source, they will try and leave a message and I then will always pick the phone up. If my phone announces it is coming from Apple, I will pay attention to see of someone is trying to leave a message, otherwise it’s a robocal plain and simple, wherether it comes FROM Apple or any scammer.


(Dennis Swaney) #5

And the phone numbers that show up are from ACTUAL Apple Stores! That is why in the message the crooks give a different phone number to call.


(Dennis Swaney) #6

The telcos should not let such calls complete as they can determine whether or not the number shown on caller id is the actual number assigned to the person/location of the call.


(Dennis Swaney) #7

On my answering machine the outgoing message starts with the 3 Special Information Tones that denote a non-working number. That is followed by my message: “Due to telemarketing, we no longer answer our phone in person. Please leave a short message after the beep and we’ll get back to you as soon as possible.”

Between the SIT and the message, telemarketers hangup right away; sometimes even before the the recording has only played for a second or two!


(Ron Risley) #8

It’s not that simple. In today’s world, many business calls originate over completely different paths (often a completely different “telco”) than those used to terminate calls (where the number is associated).

–Ron


(Dennis Swaney) #9

In that case there should be a “verification” process that it is legit at each switch/handoff with a trace record kept from source to target. If, as you say, that is impossible then I don’t see why everyone is upset at the NSA. :wink:


(David Ross) #10

As I said, the world wide standard for interconnection was built assuming that only trusted “things” would be connected. So if a call setup command said it was from 123-456-7890 then it was trusted to be so. PBX systems were a crack in that system back in the 70/80s.

The switch from circuit switching to packet switching and then VOIP from almost anywhere broke it entirely. So we now have the mess we have.

Can we change it? Sure. Get every phone company on the planet to agree. Or even the G50 or G20.

Yep. Sure thing. After the mess of the “big switch” you’d have a planet where you have at best trusted country codes and un-trusted country codes. But getting to that would be incredibly non trivial.


(Jerome King) #11

Hi Dennis

Regarding answering machine with Non-Working number tones

I used to have a similar answereing machine (from vTech I think) but after 8 years it died and they no longer seem to offer it.
Who do you use?


(mpainesyd) #12

It is sad but the only way to deal with nuisance calls and scammers is to have the answering machine on all the time and monitor it for genuine calls.
Australia has a government-run “do not call” register that some telemarketers respect but others seem to use it as a source of phone numbers.
I like the dead-line tone idea at the start of an answering machine message. How do I find a copy of the tone, apart from calling your number? :slight_smile:


(thomasdavis) #13

Well, I have read and heard about such scams maybe since 2 or 3 years ago, along with those fake Microsoft scams. A little Google search brought me to some reports at https://www.whycall.me/858-208-4064.html filed by people even since 2017. It’s an old scam, folks. I think we all should have been quite familiar with them.


(mpainesyd) #14

There is a related article about spam at 9to5 Mac


(Al Varnell) #15

There are several apps that specialize in doing this, mostly for free, so I don’t see the point of having Apple embark on what is clearly a major effort to maintain a new database of spammers, especially in the current environment where the calling numbers are fake and can change with every call.


(Dennis Swaney) #16

Jerome, I just recorded the SIT tones from my iMac via iTunes to my answering machine and then continued
with my message.


(Dennis Swaney) #17

That is what I’ve done for years. If we’re home and we recognize the Caller ID, we pick up; if we don’t recognize the CD, then we wait to see if they start leaving a message and again pickup if we recognize who is calling.


(David Ross) #18

Well I thought we were years from such a fix but they have it now. Well sort of. We have a standard that is just now at the start of implementation. And my guess was correct. The world will be split into levels of trust.

And at some point caller ID processing will have to be updated to handle more information displayed about the calling numbers. Most (likley all) of those boxes attached to land line will never get an update. A LOT of smaller business PBX systems will not either. Enterprise level PBXs will likely get to pay big $$$ for software upgrade options. But then the question is how to deal with the handset displays.

Cell phones running things like iOS and Android will get it. But likely only if you upgrade to the latest OS a year or two from now. Older models and those cheap Andriod phones sold on grocery store end caps will not see it. Neither will flip phones and such sold to low income people.

So caller spoofing will then only really work on the poor and people who don’t want to upgrade their phones. Cell and land line. But of course land lines are dying out as the owners die off of old age.

See this for an overview.
https://transnexus.com/whitepapers/understanding-stir-shaken/


(Ron Risley) #19

“They have it now” might be optimistic. That whitepaper is referring to RFC 8226 which is a standards-track proposal that’s less than a year old (February 2018). The proposal does a certain amount of handwaving around the notion of how to determine who is “authorized to claim authority over a telephone number.”

https://tools.ietf.org/html/rfc8226

The proposal leverages the existing PKI used for TLS (“https”) certificates, which certainly should speed implementation and adoption, but like the quest to get to a secure web, even after all the technical pieces are in place (itself in the future) it could still be years before adoption is widespread enough to make a difference.

–Ron


(David Ross) #20

I did say a year or two. :slight_smile:

https://www.engadget.com/2019/01/18/verizon-free-anti-robocall-tools