Imagine losing everything – your photos, emails, your entire digital life – in a single, devastating moment. It sounds like a nightmare, right? Well, Apple is warning iPhone users that this nightmare is becoming a very real threat due to increasingly sophisticated hacking tactics. The core message? Do NOT answer suspicious calls claiming to be from Apple.
These aren’t your run-of-the-mill scams. Apple has issued a stark warning about “targeted attacks” designed to steal your account information. Hackers are now employing incredibly clever methods to trick you into handing over your sign-in credentials, security codes, and even financial details. They’re not just sending random phishing emails anymore; they’re actively trying to manipulate you in real-time.
One recent incident, highlighted by Apple Insider, involved a user named Eric Morat who nearly lost everything to what he described as “the most sophisticated phishing attack I’ve ever seen.” And this is the part most people miss: These attacks are so convincing because they often involve a combination of text messages and automated phone calls that seem legitimate.
The attack Morat experienced was particularly insidious. He received a texted Apple security code, followed by an automated call delivering another 2FA code. Here’s the kicker: these were real codes, legitimately generated by Apple, but not requested by Morat himself. Shortly after, he received a call from someone claiming to be Apple support, warning him of an attack on his account. Because of the preceding legitimate codes, the Apple support call felt real, too.
But here’s where it gets controversial… While this specific attack involved a clever combination of text messages and automated calls, it’s really just a more sophisticated version of tactics we’ve seen before, particularly targeting Google users. In fact, I warned months ago that these types of attacks should be stopped dead in their tracks because, and this is crucial, Google has explicitly stated that their support desk will NEVER call you. It’s a simple rule, but it can save you a world of trouble.
Apple has the same policy. According to their official support channels, “Don’t answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through our official support channels.” You can find a link to these channels on Apple’s website.
It doesn’t matter what the supposed reason is for the call – whether they’re telling you to disable two-factor authentication (2FA), make a payment, share a password, or anything else. The bottom line is: DO NOT TAKE THE CALL. Apple is crystal clear on this: “If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up.”
The FBI echoes this warning: “Know that legitimate companies will never call you and offer tech support out of the blue. If you get a call like this, hang up.”
Think of it as a binary decision: if you receive an unsolicited call claiming to be from Apple, Google, your bank, or any other organization, HANG UP. Then, either log in to your account as usual or call the organization using a publicly available support number. Always double-check that the phone number you’re calling is legitimate and not a fake number advertised in a Google Ad. One Google search scam is to create an ad that looks like the company’s official number, but it routes to a scammer.
If there really is an issue with your account, contacting the organization directly through official channels is the only safe way to handle it. If you follow this simple rule, you’ll be far less vulnerable to these increasingly sophisticated attacks.
Now, here’s a question for you: Do you think Apple and Google are doing enough to educate users about these types of scams? Could they be more proactive in preventing these attacks from happening in the first place? Or is the onus primarily on the user to be vigilant and skeptical? Let us know what you think in the comments below!