- Get link
- X
- Other Apps
TIFU by trusting caller ID and letting a fake "Apple Support" agent terrify me into compromising my personal info
this happened yesterday....
I have always prided myself on being the "tech guy" in my family. I use a password manager, I have 2FA on everything, and I laugh at obvious phishing emails. But yesterday, my brain completely short-circuited, and my ego got absolutely humbled by a terrifyingly well-designed scam.
At around 8:00 PM, I was watching Netflix when my iPhone and Mac suddenly got bombarded with dozens of "Reset Password" requests. I mean dozens. Pop-up after pop-up asking me to "Allow" or "Don't Allow". I kept aggressively mashing "Don't Allow", but it was relentless and honestly panic-inducing.
Ten minutes into this notification bombing, my phone rings. The Caller ID says "Apple Inc." and displays the exact official 1-800 Apple Support number.
I answered it.
A guy with a perfectly calm, professional American accent says: "Hi, this is Apple Support. We are seeing a massive brute-force attack on your iCloud account from an IP address in Russia. We need to secure your account immediately before they lock you out."
Instead of hanging up, I believed him. He didn't ask for my password, which made me drop my guard completely. Instead, he started reading my info to me to "verify" my identity. He told me my full name, my home address, and the last 4 digits of my linked credit card.
Like an absolute idiot, I verbally confirmed all of this information for him on a recorded line, basically verifying to a hacker ring that my phone number is active and all their dark-web data on me is accurate.
Then he says: "To block this attack, I am generating a one-time Support PIN to your phone. Please read it back to me so I can lock down the system."
I get a text with a code. My heart is pounding. I am literally taking a breath to read the numbers out loud to him.
Right before I spoke, my eyes finally focused on the actual text message. It wasn’t a Support PIN. It was the Apple 2FA code to authorize an Apple Pay device transfer.
I froze, realized what was happening, and hung up the phone.
If I had read those six numbers, he would have bypassed my 2FA, taken over my Apple Pay, drained my accounts, and likely remotely wiped my Mac and iPhone using Find My.
Because I blindly trusted a spoofed Caller ID and verbally confirmed my identity, I spent the rest of my night in a full-blown panic attack, freezing my credit, locking my bank accounts, and changing every password I own. My pride is completely shattered.
TL;DR: Got hit with a massive MFA fatigue attack, answered a spoofed phone call from "Apple Support", confirmed all my leaked personal info to a scammer, and came within three seconds of handing over the 2FA code to my entire digital life.
Comments
Post a Comment