• Brickhead92@lemmy.world
    link
    fedilink
    arrow-up
    136
    ·
    7 hours ago

    I had one a about a month ago now that I was actually impressed with how they did it.

    I have a Apple account just for the kids Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they’d call at sometimes. I thought that was weird and checked out the email and everything was legit.

    Call came in a little early then in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS “iCloud” and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well apple isn’t going to use a domain that’s not *.apple.com. went there anyway to check and the SSL cert was from Let’s encrypt, apple ain’t using let’s encrypt.

    20 years in IT, that’s the closest I’ve been in. Very long time to falling for something.

    • Barbarian@sh.itjust.works
      link
      fedilink
      arrow-up
      71
      ·
      edit-2
      5 hours ago

      I know someone who got had by a spearfishing call. They knew all the details about his phone contract, sounded 100% legit. The scammer got thousands of dollars in prepaid SIM cards from his account.

      After the police investigation, turned out that the scammer was actually a former employee of the phone company who downloaded a copy of the customer list when he got fired.

      • Ms. ArmoredThirteen@lemmy.zip
        link
        fedilink
        English
        arrow-up
        43
        ·
        3 hours ago

        This is why even if I think something is 100% legit, if a place calls me asking for anything I tell them I have to check on it and call back. Then I’ll call their known public number and go through that way. I’ve avoided a couple scam situations like this

        • valkyre09@lemmy.world
          link
          fedilink
          arrow-up
          31
          ·
          3 hours ago

          Honestly this is so simple and effective at stopping these sort of scams dead in their tracks. When you call in to help desk and say “I was just on the phone with your agents about a payment problem” and they don’t see any record, it’ll set off all sorts of alarm bells. Especially if it’s the bank.

    • Infernal_pizza@lemm.ee
      link
      fedilink
      English
      arrow-up
      11
      ·
      4 hours ago

      So are you saying the original email genuinely was from Apple? If so do you have any idea how the scammers got all that info? And did you ever receive the legitimate call back from Apple?

      • dependencyinjection@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        ·
        53 minutes ago

        I’m just speculating but maybe they (scammers) filled out a fraudulent activity form on the Apple site on behalf of the victim and then called before an Apple rep did.

  • RedSnt 👓♂️🖥️@feddit.dk
    link
    fedilink
    arrow-up
    49
    ·
    7 hours ago

    I get that feeling when I press “report spam” and gmail suggest I “unsubscribe from them”, that that’s exactly what the spammer want, a ping back so they know I’m susceptible, that I’m an engaging fool, and get put on all the lists.

    • explodicle@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 hour ago

      It drives me nuts that I can’t turn off the unsubscribe feature entirely. I’ll use their unsubscribe button once, and if it doesn’t work, then all future emails are getting forwarded back to whoever I gave the email address.

    • Dainis@lemm.ee
      link
      fedilink
      English
      arrow-up
      27
      ·
      6 hours ago

      Not sure if emails work the same way, but this is how phone scammers work

      If you interact with a phone scammer, send them to hell or do anything at all with them, you just get added to a big lost of people that respond to scam calls and so you get more calls

        • Coreidan@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          2 hours ago

          They get paid for that time. They literally do not care.

          You’re only wasting your own time.

          • Rai@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            1
            ·
            33 minutes ago

            Most scammers do NOT get hourly pay, at least in India, Pakistan, Nigeria, or the Caribbean. They’re paid solely on commission for the money they make for the scam call center they work for, or they work for themself so nobody is paying them.

        • The_v@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          4 hours ago

          I have a work phone and a personal phone. The work phone i answer calls from I known numbers all the time. My contact information gets passed around as part of my business. For a while I had scammers hitting my number 3-4 times per day. I answered and fucked with them every time. A little free stress relief through the day. Now I almost never get them anymore.

          My personal phone I have always screened all the calls. It still gets hit with scammers 2-3 times per week.

          I guess you are right. There is a list going around of numbers who waste their time.

        • ThePantser@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 hours ago

          That’s what I figured too. Make sure to be the biggest pain for them. Seems dumb to put someone that is savvy and not a rube on a list to be called more. I would think the not answering scam calls would get you more calls because they are unsure of you.

          • I defiantly got onto the call more list at one point but I kept being the biggest pain in the ass and one day they just stopped completely. I once had these one people on the phone for 6hours straight and went through about 4 transfers in the process. They connected with my VM at one point where I was live developing a fake bank website I had passed through from my host. Did u know u can embed the password game into a website extremely easily and conveniently I needed a password reset and needed help. Yes I stole the idea from kitboga.

            • Coreidan@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 hours ago

              Jesus Christ dude. 6 hours?!

              Ignoring calls is easy enough. I value my time more.

              If I don’t recognize a number I just don’t answer it. No time commitment.