I have a Apple account just for the kids Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they'd call at sometimes. I thought that was weird and checked out the email and everything was legit.

Call came in a little early then in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS "iCloud" and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well apple isn't going to use a domain that's not *.apple.com. went there anyway to check and the SSL cert was from Let's encrypt, apple ain't using let's encrypt.

20 years in IT, that's the closest I've been in. Very long time to falling for something.

[–] generaldenmark@programming.dev 9 points 1 week ago (1 children)

Thanks for sharing your story! It is very important to get these stories as well, someone who has 20 years in tech so close to getting scammed..

You did the correct thing and kept track of the url etc. on an offday you might not have been so vigilant.

[–] Brickhead92@lemmy.world 3 points 1 week ago

That's just made me think of something else about the day. Totally coincidental, but earlier in the day I was looking into what permission the Microsoft Company Portal App had on unmanaged Android and iOS devices for a concerned user.

Then I got the email from Apple support and was like WTF‽ Then I realised it was to my private email and went, damn! How's that timing.

load more comments (16 replies)