Jan 11, 2025 1 min read links

Link: A scammer details how voice phishing groups are abusing Apple's support line to generate "account confirmation" message prompts from Apple to their customers (Brian Krebs/Krebs on Security)

Voice phishing scams leverage legitimate Apple and Google services to deceive users and steal vast sums of money, a security investigation reveals. Apple and Google have long warned about not contacting users unsolicited, but scammers still manipulate their systems to initiate contact.

KrebsOnSecurity highlights the case of a cryptocurrency investor, dubbed Tony, who lost $4.7 million due to these sophisticated scams. Initially contacted via Google Assistant, the scheme involved authentic-looking emails and account recovery prompts, tricking Tony into revealing sensitive information.

The fraudsters misuse Apple's telephone support to generate fake account confirmation prompts, further lending credibility to their guise. A scammer provided insights into how these groups employ Apple's systems to orchestrate believable scams, fooling victims into thinking they're in genuine communication with Apple or Google.

Typically, these scams involve several roles: the caller, the operator of the phishing panel, and others who handle the stolen funds or data. These elaborate setups show the organized nature of modern cybercrime, where roles are clearly defined and each participant has a specific task.

This particular scam was unraveled when co-conspirators within the phishing group leaked operational details, including videos and tutorials. These leaks reveal the internal workings of the scams, illustrating the manipulation techniques and the sequential steps of the scam.

Despite their complexities, these voice phishing operations are not without internal risks—they often disband due to betrayal among members. Experts suggest that the treacherous nature of these groups mirrors the deceit they propagate externally, making them unstable and prone to internal conflict. #

--

Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.

You might also like...

Link: More than half a dozen celebrity video game streamers returned exclusively to Twitch in 2024, after their multimillion-dollar YouTube and Kick contracts expired (Cecilia D'Anastasio/Bloomberg)

Link: A look at LexisNexis Risk Solutions, RELX's largest division, which accounts for ~35% of RELX's revenue and holds 9B device records and 3B digital identities (John Gapper/Financial Times)

Link: Thumbs-Up Emoji Formed Binding Sales Contract in Canada-Achter v. South West Terminal - Technology & Marketing Law Blog

Link: 2024 Internet Law Year-in-Review - Technology & Marketing Law Blog

Link: Sources: OpenAI, Google, and other companies are collectively paying hundreds of content creators for access to their unpublished videos to train AI models (Aisha Counts/Bloomberg)