Skip to main content

TIFU by trusting caller ID and letting a fake "Apple Support" agent terrify me into compromising my personal info

this happened yesterday....
I have always prided myself on being the "tech guy" in my family. I use a password manager, I have 2FA on everything, and I laugh at obvious phishing emails. But yesterday, my brain completely short-circuited, and my ego got absolutely humbled by a terrifyingly well-designed scam.

At around 8:00 PM, I was watching Netflix when my iPhone and Mac suddenly got bombarded with dozens of "Reset Password" requests. I mean dozens. Pop-up after pop-up asking me to "Allow" or "Don't Allow". I kept aggressively mashing "Don't Allow", but it was relentless and honestly panic-inducing.

Ten minutes into this notification bombing, my phone rings. The Caller ID says "Apple Inc." and displays the exact official 1-800 Apple Support number.

I answered it.

A guy with a perfectly calm, professional American accent says: "Hi, this is Apple Support. We are seeing a massive brute-force attack on your iCloud account from an IP address in Russia. We need to secure your account immediately before they lock you out."

Instead of hanging up, I believed him. He didn't ask for my password, which made me drop my guard completely. Instead, he started reading my info to me to "verify" my identity. He told me my full name, my home address, and the last 4 digits of my linked credit card.

Like an absolute idiot, I verbally confirmed all of this information for him on a recorded line, basically verifying to a hacker ring that my phone number is active and all their dark-web data on me is accurate.

Then he says: "To block this attack, I am generating a one-time Support PIN to your phone. Please read it back to me so I can lock down the system."

I get a text with a code. My heart is pounding. I am literally taking a breath to read the numbers out loud to him.

Right before I spoke, my eyes finally focused on the actual text message. It wasn’t a Support PIN. It was the Apple 2FA code to authorize an Apple Pay device transfer.

I froze, realized what was happening, and hung up the phone.

If I had read those six numbers, he would have bypassed my 2FA, taken over my Apple Pay, drained my accounts, and likely remotely wiped my Mac and iPhone using Find My.

Because I blindly trusted a spoofed Caller ID and verbally confirmed my identity, I spent the rest of my night in a full-blown panic attack, freezing my credit, locking my bank accounts, and changing every password I own. My pride is completely shattered.

TL;DR: Got hit with a massive MFA fatigue attack, answered a spoofed phone call from "Apple Support", confirmed all my leaked personal info to a scammer, and came within three seconds of handing over the 2FA code to my entire digital life.

Comments

Popular posts from this blog

TIFU by forgetting my purse and attempting to get fuel

Not the craziest story but hey. I'm obligated to say this was a few months ago but I cringe every time I go past the petrol station . My petrol was getting low, not dangerously so but it said 27 miles left, (oftentimes it then suddenly drops to about 16 for example, and then 5 and then 0 very fast) I didnt have my purse on me as I just didn't need it... Picked my daughter up from school and then went on to collect my 2 stepdaughters from across town and then set off for home. En route the gauge went to 7 and then suddenly it was 1 so I stopped at the petrol station near our house. The petrol was on 0 as i pulled up to the pump and that's when I realised I had no money. I left the kids in the car at the pump and went in to talk to the cashier, it wasn't mega busy but there was a queue, I'd heard that they can help you if you can't pay for fuel. Like keeping something of yours as security. It was an elderly man and he basically refused to help. At this point i...

TIFU - Don’t do what I did

On Sunday morning Aug. 24th, I awoke to discover a large blind spot in my right eye, which turned out to be what is called wet age-related macular degeneration (AMD). It has resulted in a very significant, permanent loss of vision in that eye. Although I maintain good peripheral vision, whatever I focus on at best is very blurry, and mostly disappears. I can barely make out the large E at the top of the eye chart. If this happens to my left eye I’ll be unable to read or drive. It turns out that I missed the opportunity that I had to prevent this from becoming a serious problem because I failed to report what appeared to be minor changes in my vision. In the weeks prior to August I had noticed that what I knew to be straight lines appeared to my right eye to have a little waviness. I also noticed that the color of my front lawn, which I could see through the window from my recliner,  was subdued, looked almost gray, in my right eye. So I scheduled an eye exam, which revealed the p...

TIFU by getting suspended for 2 days by my front office in school.

I (13M) am an African American student at Jeannette junior high who had got suspended for 2 days here. I was in math class minding my business until my teacher had told me to go to the main office, which posed no problem to me. As i went down there, the people of the front office had stopped me and made me get a new ID (yes, we have id's.) so i had asked them if i could maybe do a different alternative and call my mother to let her bring the Id here, even then, the Id isn't that important. So, although i was talking to them in a calm manner and not showing any signs of rebellion, they had threatened to call the police on me without thinking twice before calling my parents. This is where i started getting angry, and even then now the black peers agree that could have been a racially motivated action. They then told me to sit in the office conference room because of that, leading into more anger. They had then called my mother who had came over to the school didn't even let ...