The latest variants of tech support scams targeting Apple users have done away with the usual visually prominent error messages. Instead, they open the potential victims’ default communication or phone call app, and prompt them to call the fake tech support scam hotline (the number is already prepopulated in the app):
“With click-to-call links, tech support scams do not have to be as elaborate as many current tech support scam websites. They don’t have to rely on scary messages or pose as legitimate error messages to convince victims to call the phone number,” says Jonathan San Jose, of the Windows Defender Research team.
Still, this scam comes with a warning message, only it’s in the form of an audio file that automatically plays as the website is loaded.
“Critical alert from Apple support. Your Mac has alerted us that your system is infected with viruses, spywares, and pornwares,” the message claims.
“These viruses are sending your credit card details, Facebook logins, and personal emails to hackers remotely. Please call us immediately on the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3.”
The scam even works on mobile phones:
According to San Jose, this scam technique is not currently widespread, but they believe it soon could be.
“Because the website accepts URL parameters [to insert the scammers’ phone number and change it when the last one is blocked], we can assume it is being sold as a service in the cybercriminal underground,” he noted.