I have a Apple account just for the kids Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they'd call at sometimes. I thought that was weird and checked out the email and everything was legit.

Call came in a little early then in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS "iCloud" and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well apple isn't going to use a domain that's not *.apple.com. went there anyway to check and the SSL cert was from Let's encrypt, apple ain't using let's encrypt.

20 years in IT, that's the closest I've been in. Very long time to falling for something.

[–] Infernal_pizza@lemm.ee 23 points 1 week ago (5 children)

So are you saying the original email genuinely was from Apple? If so do you have any idea how the scammers got all that info? And did you ever receive the legitimate call back from Apple?

[–] Brickhead92@lemmy.world 6 points 1 week ago

Yeah it was a legit apple support email and I compared it to the email I received after calling apple and starting a new case to give them all the info I could about the scam.

I assume that got my info from a data leak somewhere.

load more comments (4 replies)

load more comments (16 replies)