Scam alert! Don't answer phone calls from "Apple Inc." or "1-800-MY-APPLE"

Phishing scams are going crazy in early 2019. I’ve personally seen four in my email so far this year, and now there’s word about a new phishing scam that comes in the form of a fake support call to iPhone users.

What happens, according to security researcher Brian Krebs, is that would-be victims get a phone call on their iPhones with a caller ID name of “Apple Inc.” and a phone number that appears to be AppleCare (1-800-MY-APPLE). The phone call is an automated call that claims that multiple servers containing Apple user IDs had been compromised, and that the person receiving the call should call a 1-866 number before doing anything else with their iPhone.

Apple will NEVER call you directly unless you have requested a call or have started a support session and have asked the Apple rep to contact you. Krebs apparently called the 1-866 number, with a recording telling him he’d reached Apple Support and should wait for the next available agent. That agent was someone with an Indian accent who asked him why he had called. Krebs told the caller that he had received a call and was responding; the call was disconnected.

Chances are pretty good that if the phone call had continued, Krebs would have been asked to pay (via credit card) for some bogus tech support.

Krebs notes that phone phishing usually starts with an “element of urgency in a bid to get people to let their guard down.” He suggests that if you are worried by such a call, don’t call them back at the number offered by the caller. Instead, if it’s Apple, call I-800-MY-APPLE (or another local support number for Apple) and ask them if one of their agents made a call to you. If it’s allegedly a bank or credit card company making the call, call them directly using the number on the back of your ATM, debit or credit card.

Screen shot of the scam call by security consultant Jody Westby, via

Screen shot of the scam call by security consultant Jody Westby, via

Don’t let a scammer — either through email, Messages, or a phone call — take advantage of you. Use your head when you get a “panicky” message from someone who says that your account has been breached, and never click on links in those emails or messages. If it’s a phone call and you feel like you’re being pressured to do something you don’t want, hang up and call the alleged source directly.