Everyone knows to be wary of suspicious emails, or dodgy phone calls from people claiming they're from your bank. But a new scam specifically targeting users of Apple products is slightly more elegant and crafty in its approach.
As researchers from Malwarebytes note, crooks are apparently impersonating Apple's legitimate remote technician service, which is used by customers when they need some sort of support with their device.
First, malicious adverts—otherwise known as malvertising—pop up in a target's browsing session. Malvertising is typically delivered when a hacker uploads a malware-laden piece of content to a legitimate ad network, which then pumps the advert onto websites. The practice has recently targeted some of the most popular sites on the web, including the Daily Mail and Forbes.
These adverts tell the target that their machine is under threat and requires the attention of an Apple technician. The victim then rings the phone number provided, and the scammer tells them to go to a certain domain.
Usually, Apple customers might decide to head over to the legitimate site https://ara.apple.com, where customers sign up for a secure session with an Apple employee, who then guides them through whatever trouble they're having.
But these cybercriminals registered their own, incredibly similar domain to trick those not paying particularly close attention: ara-apple.com.
Here, victims are directed to download different pieces of software that will allow the technician to connect to their computer.
"Those are downloaded and hyperlinked from the official [repositories]. They use the free versions which are harder to trace back," Jérôme Segura, senior security researcher at Malwarebytes, told Motherboard in a Twitter direct message.
From here, it's a simple case of convincing the likely-paranoid victim to pay for the technician's services.
"The primary goal is to extort money by showing made-up errors once they are remoted into the people's computers," Segura continued. "Scared victims will often comply and pay between $200 and $500 for bogus support packages."
Scams where crooks pretend to be computer technicians are already established, and are commonly carried out over the phone. But this is a new twist on the classic and, interestingly, it piggybacks off the reputation of a legitimate remote access service.
As Malwarebytes writes, "Remember that Apple would never use such methods to have you call them or would never call you directly either."
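The difference between ara.apple.com and ara-apple.com is one character, but only the first is a subdomain of apple.com. The following is an added example, not code from the article or from Malwarebytes, of how a help desk or mail filter could check that: it accepts a host only if it really sits under a trusted domain, and flags names that merely contain one. The `TRUSTED_DOMAINS` allowlist, the function names and all sample hosts other than the two named in the article are assumptions, and the heuristic goes slightly beyond the hyphen trick to also catch a trusted name used as leading labels of another domain.

```python
from urllib.parse import urlsplit

# Assumption: domains a help desk treats as genuine for Apple remote support.
TRUSTED_DOMAINS = frozenset({"apple.com"})

# Constructed sample inputs; only the first two hosts appear in the article.
SAMPLES = [
    "https://ara.apple.com",
    "ara-apple.com",
    "http://apple.com.example.net/session",
    "https://example.org/help",
]


def hostname_of(url_or_host):
    """Return the lower-cased hostname of a URL or bare host ('' if unparseable)."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a network location
    try:
        host = urlsplit(text).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url_or_host, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unrelated' for one URL or host."""
    host = hostname_of(url_or_host)
    if not host:
        return "unrelated"
    if any(is_under(host, d) for d in trusted):
        return "trusted"
    # Heuristic: read hyphens as dots, then look for a trusted domain as a run
    # of whole labels anywhere in the name (whole labels avoid 'pineapple.com').
    dotted = "." + host.replace("-", ".") + "."
    if any("." + d + "." in dotted for d in trusted):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):9}  {sample}")
```

The suffix test in `is_under` is the part that matters: a substring or "contains apple" check would accept the scam domain.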