Scammers are always looking for new ways to trick people out of their money, and a recent phishing scam involving legitimate Apple support emails is particularly dangerous. These cybercrooks are finding ways to bypass spam filters by using real Apple emails to deceive their targets. Imposter scams are becoming harder to spot, as scammers are using advanced techniques to create convincing messages.

Even tech-savvy individuals like WordPress founder Matt Mullenweg fell victim to a phishing scam targeting his Apple account. The scammers used a technique called "MFA bombing" to overwhelm Mullenweg with password reset attempts. They then went a step further by contacting Apple Support, pretending to be Mullenweg, and generating legitimate emails to convince him to update his information.

"The scammers went as far as contacting Apple Support themselves, posing as me, to create a real case and send authentic emails from Apple's servers. These emails were so legitimate that no spam filter could have detected them."
Matt Mullenweg

The scammers then called Mullenweg, pretending to be Apple Support, to resolve the password reset notifications. Despite Mullenweg's suspicions, the scammers followed a convincing support script to gain his trust.

"After providing security advice, the scammer tried to trick me into clicking a link to review and cancel the pending password reset request. It was a well-crafted phishing attempt, but I saw through it in the end."
Matt Mullenweg

These targeted attacks are sophisticated and aim to deceive individuals by using social engineering tactics. It's crucial to be vigilant and look out for red flags that indicate a scam. Some tips to protect yourself include:

How to Protect Yourself

Apple will never call you first: Be wary of unsolicited calls claiming to be from Apple.
Ignore Random Prompts: Don't respond to unexpected password reset requests or access prompts.
Enable Two-Factor Authentication: Secure your accounts with 2FA to add an extra layer of protection.
Use Unpublished Contact Information: Keep your account details private to prevent scammers from targeting you.
Check Domain Names Carefully: Verify the legitimacy of domain names to avoid falling for fake websites.
Maintain Skepticism: When in doubt, verify the identity of the caller or sender before sharing personal information.