Free Republic
General/Chat

Tech Support Scammers Impersonate Apple Technicians
Malwarebytes | October 20, 2015 | by Jérôme Segura

Posted on 10/21/2015 11:34:13 AM PDT by Swordmaker

Remote assistance is becoming more and more popular to troubleshoot computer issues without the hassle of bringing the problematic machine to a store. Indeed, from the comfort of your own home you can let a Certified Technician remotely log into your PC and have them fix the issues you are facing.

Apple offers a screen sharing service as part of its support center that puts you in touch with a remote advisor. The process is secure and requires a unique session key, which the customer enters at the following URL to authenticate into the system: https://ara.apple.com


In today’s post we will talk about how we discovered that crooks are abusing this feature and fooling Mac users into trusting them.

As we have documented many times on this blog, there has been an explosion of tech support scams via malvertising and fraudulent affiliates. All systems are targeted, not just Windows PCs, and in fact fraudulent warnings for Mac are getting extremely common.


These pages are designed to scare people into thinking there is something wrong with their computer. Fraudsters will use all sorts of messages, audio warnings and other artifacts in order to social engineer marks into calling for assistance.

Typically scammers will have the victim browse to LogMeIn or TeamViewer and have them download the remote software necessary to take remote control. However, and especially in this case that involves Apple consumers, this step may seem unnatural, not part of the whole “Apple experience”.

For this reason, the crooks registered a website with a domain name that looks like the real Apple one (ara.apple.com) by calling it ara-apple.com. The site was registered through GoDaddy and resides on IP address 184.168.221.63.


This domain is used for everything, from linking to the remote programs the ‘technician’ will use to processing payments (note how the ‘Secure Payment’ page is using regular, unencrypted HTTP).

We have contacted both the registrar (GoDaddy) and hosting provider (Liquid Web) so that they can take appropriate actions in shutting down these fraudulent websites.

This particular case shows that tech support scammers are resorting to more elaborate ways to social engineer their victims. Perhaps Apple users are even more at risk because they may be less experienced at dealing with these kinds of “errors”.

As always, please be particularly suspicious of alarming pop-ups or websites that claim your computer may be infected. Remember that Apple would never use such methods to have you call them, nor would they call you directly.

For more information about tech support scams and a comprehensive list of known malicious sites and phone numbers, please check out our resource page.



TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; applepinglist; applesecurity; internet; scam

1 posted on 10/21/2015 11:34:13 AM PDT by Swordmaker
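
A defender-side check for the trick the article describes, as an added example that is not part of the original article or this thread: it separates a real subdomain of apple.com from a lookalike such as ara-apple.com and flags pages served without HTTPS. The function names, the brand-token heuristic and every sample URL other than the two hostnames from the article are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "apple.com"   # registrable domain of the real service (ara.apple.com)

def classify_host(host: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    host = host.strip().rstrip(".").lower()
    # A real subdomain ends in ".apple.com": the dot is a label boundary.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # In ara-apple.com the hyphen keeps "ara-apple" a single label under .com,
    # so the name belongs to whoever registered it. Splitting on both "." and
    # "-" exposes the brand word used as a token outside the trusted domain.
    brand = trusted.split(".")[0]
    if brand in re.split(r"[.-]", host):
        return "lookalike"
    return "unrelated"

def check_url(url: str) -> list[str]:
    """List the warning signs the article points out for a URL."""
    parts = urlsplit(url)
    findings = []
    if classify_host(parts.hostname or "") == "lookalike":
        findings.append("lookalike-host")
    if parts.scheme != "https":
        findings.append("no-tls")   # e.g. a 'Secure Payment' page on plain HTTP
    return findings

if __name__ == "__main__":
    # Constructed sample URLs; only the two hostnames come from the article.
    for url in ("https://ara.apple.com/", "http://ara-apple.com/payment",
                "https://apple.com.example.net/", "https://pineapple.example/"):
        print(url, check_url(url) or "ok")
```

The token match is a triage heuristic: it can flag harmless names that happen to contain the brand word, and it does not cover homoglyph or internationalized-domain lookalikes.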

To: Swordmaker

Is it just my experience but are there an inordinate number of scammers out there recently? It's really shot up over the past year.


2 posted on 10/21/2015 11:35:37 AM PDT by skeeter

To: Swordmaker

Popups and such claiming that your computer is infected is an old scam. However one is born every minute.


3 posted on 10/21/2015 11:41:03 AM PDT by Seruzawa (All those memories will be lost,in time, like tears in rain.)

To: skeeter

twice a month at my house:”microsoft windows here - we have detected a problem with your computer”

can barely understand them, the english is so bad

the long-distance switching and call-center pass off is so obvious

i tell ‘em I’m running Ubuntu - clueless


4 posted on 10/21/2015 11:42:00 AM PDT by telstar12.5 (...always bring gunships to a gun fight...)

To: dayglored; ShadowAce; ThunderSleeps; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; ...
POP-UP ads may appear on your Apple Device, Mac, iPhone, iPad, iPod touch, saying you are infected with a virus and to call this 800 number for tech support to help you get rid of it. . . THIS IS A SCAREWARE SCAM and it is only an ad designed to remove you from your money. Also cold calls are now being made attempting the same thing where a voice on the other end may say they are calling from Macintosh (they won't say Apple because then Apple can sue the pants off them, similarly when they call about a Windows computer they say they are calling from Windows tech support not Microsoft) and say your computer is reporting a virus. . . and they are here to help. Don't bother. Again, it is a scam. Here is an article on the new phenomenon, old to Windows users, for Mac users of phishers trying to scam Mac, iPhone, and iPad users out of their hard earned cash from Malwarebytes explaining how they do it. Well worth reading. — PING!

Ping to dayglored; Shadow Ace; ThunderSleeps for your ping lists as well as there is spill over.


Apple All Device Security
Ping!

The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.

If you want on or off the Mac Ping List, Freepmail me.

5 posted on 10/21/2015 11:42:11 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: skeeter

twice a month at my house:”microsoft windows here - we have detected a problem with your computer”

can barely understand them, the english is so bad

the long-distance switching and call-center pass off is so obvious

i tell ‘em I’m running Ubuntu - clueless


6 posted on 10/21/2015 11:42:34 AM PDT by telstar12.5 (...always bring gunships to a gun fight...)

To: Seruzawa

Thinning the herd. Unfortunately, my wife would fall for one of these.


7 posted on 10/21/2015 11:42:57 AM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)

To: skeeter

All Apple users should understand that all such pop ups and items that appear to lock the computer should be shut down as follows:

Click the “apple” in the upper left hand corner of your screen. Select “force quit”. Select Safari from the listings. When Safari is re-opened, it may reload the same window grouping including the pop up. Force Quit again and then on re-start tell it not to open previous windows.


8 posted on 10/21/2015 11:43:25 AM PDT by KC Burke (Ceterum censeo Islam esse delendam)

To: telstar12.5

FYI—They have taken many of my elderly clients for money to the tune of at $600.00, in one case.. luckily they used a credit card, not a debit, and I was able to help them contact the CC company and get a refund...


9 posted on 10/21/2015 11:44:47 AM PDT by gibsosa

To: AppyPappy

Mine did but we got the charges canceled, the computer cleaned and a re-training session held.


10 posted on 10/21/2015 11:45:09 AM PDT by KC Burke (Ceterum censeo Islam esse delendam)

To: telstar12.5

Recently I had a guy with a thick Indian accent (Pakistani?) identify himself as Dan Richmond with the IRS and tell me I was in big trouble if I didn’t cooperate and answer his questions. Which of course included what my SS number was.


11 posted on 10/21/2015 11:46:09 AM PDT by skeeter

To: telstar12.5

“twice a month at my house: ‘microsoft windows here - we have detected a problem with your computer’”

I love it when I get those calls. It’s so much fun to goof on them, say I’m doing all the things they tell me to, keep them on the phone for 10 or 15 minutes. At some point they ask, “What do you see on the screen now?” I say, “I see the virgin Mary.” One guy screamed, “You see DA WIRGIN MARY?!?” I GUESS I scared him; he hung up.


12 posted on 10/21/2015 11:47:36 AM PDT by MayflowerMadam

To: skeeter

There are call centers everywhere in the Third World.

They can be used for good or evil. The equipment doesn’t change and often neither do the staff.

They rely on people’s tech addictions combined with ignorance, panic and lots of false but official sounding jargon.

I know of one poor sod who got a popup on his iPhone browser - a mere annoyance but he was convinced to call ‘Apple Support.’ Naturally, he didn’t even verify the 800 number matched the real support line. The scammer convinced him to connect his phone to his PC and THEN set up a remote session on the PC, exposing him to untold horrors in keyloggers, spyware, etc. The usual Fear Uncertainty & Doubt routine followed along with a request for $270 to ‘fix the problem.’

Fortunately the phone owner snapped out of it in time but the scammer in Croatia, the Philippines or wherever had plenty of calls besides that one, I’ll wager.


13 posted on 10/21/2015 11:53:22 AM PDT by relictele (Principiis obsta & Finem respice - Resist The Beginnings & Consider The Ends)

To: KC Burke

We got the call about our daughter missing jury duty. I played along with the guy trying to figure out how they were going to get paid. He finally said “Come to the Sheriff’s department and we have a kiosk that allows you to pay via Paypal”. At that point I laughed and he knew he was done.


14 posted on 10/21/2015 11:54:01 AM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)

To: gibsosa

My wife’s “rich” aunt got taken for everything. She died penniless due to a Jamaican Lottery scam.


15 posted on 10/21/2015 11:55:11 AM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)

To: skeeter

“mmm...what are you wearing, Dan? Mmmmm”


16 posted on 10/21/2015 11:56:41 AM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)

To: AppyPappy

The Apple and Microsoft Windows brands don’t seem to take prompt action when someone is using their name for theft.


17 posted on 10/21/2015 11:56:52 AM PDT by KC Burke (Ceterum censeo Islam esse delendam)

To: AppyPappy

... Dan from BANGALORE.


18 posted on 10/21/2015 11:57:22 AM PDT by skeeter

To: KC Burke

You can’t get to them. They are using burn phones and number spoofing. The call we got was a local number.


19 posted on 10/21/2015 11:59:24 AM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)

To: skeeter

“mmmmm...I bet it’s hot there, Dan. Are you hot? I bet you are, peeping in my Windows like that when I’m wearing my camisole. Mmmmm...”

Culturally, they have no idea how to handle a come-on from a guy.


20 posted on 10/21/2015 12:05:25 PM PDT by AppyPappy (If you really want to irritate someone, point out something obvious they are trying hard to ignore.)



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
