by TURN Managing Attorney Christine Mailloux
I was working in my office and I received a call on my Spectrum cable VoIP landline phone line, that I primarily use for work. The caller ID said Apple, Inc. with an 800#. I answered and a person who sounded like he was calling from a call center with the appropriate background noise told me he was from Apple and that they had discovered someone had unauthorized access to my iCloud account. He claimed that Apple wanted to help me change my settings and my password to prevent further intrusion.
Naturally I was a bit taken aback, but he was very professional, well-spoken, knowledgeable and seemed harmless. He directed me to go to my computer settings and asked about my screen time preferences and settings. That was the first red flag because I could not understand how those setting would be relevant, but I continued to go along with his instructions. He had me change something on my “content restrictions” settings and then instructed me to go to an old-school Apple Terminal Window and pull up my IP address notifications.
From there he showed me something called the “Foreign Address” column and he told me that the foreign addresses showing up on this list meant that someone had hacked into my computer. I later realized that this was baloney, but it sounded impressive and somewhat logical at the time.
By now I had been on the phone with him for at least ten minutes. At one point, as he was instructing me to mess with my settings, I asked him how I knew this was really Apple. He soothingly reassured me that that was a very good question I had, and that I could see his phone number on Caller ID and then go to the Apple website to verify that the customer service number posted there was the same. Of course, I realize that they could spoof the caller ID, but, again, it sounded good at the time.
After further fiddling with my computer, and a check of my iPAD to see if there were any problems on that, he had me go to a website called AnyDesk.com. They are a legitimate company with a legitimate screen sharing product. So although I quickly Googled it while I was on the phone with this scammer, nothing suspicious came up. Then he started the process to gain access to my computer so he could, supposedly, see where the hackers/intrusion happened and how to repair it.
At this point, I was getting more skeptical by the minute. Why would Apple need to share my screen? Why use this third-party software? Why would I give this total stranger who called me out of the blue access to my screen and my computer??? So I put him on hold, conferred with my husband Jim and decided I would end the call.
When I got back on the phone I finally told him I was super busy and wanted to do some research and would call Apple back when I had more time. He again was slick and professional, giving me his (fake) Apple ID, a reference number for my case, and other official sounding information.
All in all I was probably on the phone with him for 15-20 min. In retrospect, the fact that this call came in on an unlisted number was another red flag. Further research showed that the scam is a relatively common one and AnyDesk itself is aware of it.
Must You Answer That Phone?
One of the easiest ways to avoid phone scams is to let unknown callers go to voicemail. Especially if from an 800 number or unfamiliar area code, even if the Caller ID says it is a company you have heard of.
Be suspicious of:
· Calls from unknown numbers.
· Callers who claim to represent a large government agency like social security, your utility company or a big technology company like Microsoft or Apple. These companies are unlikely to initiate a call to you.
· Calls offering free products or services. If it sounds too good to be true, it is.
· Unknown caller asking for your personal or financial data, such as your Social Security number or credit card number. Or in this case, user names and passwords. If they say they have the information and just need you to confirm it, that’s a trick.