Pittsburgh's Action News reported a story yesterday about an Apple iPhone owner who got cheated out of $1,500. A woman named Donna Francis, who lives in Western Pennsylvania, had received a call from what the Caller ID on her phone said was Xfinity Apple Support. She called Xfinity and was told that the company had no Apple Support team and Xfinity recommended that Donna call Apple Support. Getting the phone number from the Apple website, Francis placed a call to Apple Customer Support. The call was intercepted by a hacker who told Francis that she had reached Apple Support and he told her that "You don't want to waste any time, people from Russia and China are hacking into your account." He quickly added, "They've just charged $5,000 to your account."
Watch out for this scam before you become the next victim
The hacker was able to convince Donna to allow him to remotely install software that took over control of her iPhone. Talking to the television station, Francis said, ""Before I knew it, he was opening up my Huntington Bank account and I said, 'Why are you opening up my Huntington account?' He said, 'This is where I think they're taking money." The victim said that she took screenshots that show the apps that the scam artist used to take over her phone. Francis recalls telling the hacker, "I want you to stop right now!' And before I knew it, I could watch him. I'm watching him on the screen."
Watching from her iPhone, Donna saw the complete balance of her bank account at Huntington, $1,498, disappear. The hacker was sending that money to himself according to the victim. The scammer eventually hung up leaving Francis without the cash. She called the police and her bank, and as we write this she has not been able to get her money back. She tried to cancel the transaction using the Huntington app and was unsuccessful; the local branch manager of the bank says that she may never get he money back. Francis says that this is because the records make it appear as though she had approved the transaction.
Talking about the ability of the scammer to hijack the outgoing call, an FBI official said, "I think that's probably technically possible. But we aren't seeing any trends of huge incidents of that happening locally or nationally." However, earlier this month another intercepted call was reported, this time in Southwestern Pennsylvania. An unnamed person tried to register for the COVID-19 vaccination via the United Way's 2-1-1 line. County communications director Amie Downs explained what happened. "The health department and 211 learned that a hacker had intercepted calls at the carrier level. These calls never made it to 211 and callers were not informed that they were not talking with that center. While 211 is continuing to work with its telephone partners to investigate this, we do not know which carrier was involved or how many callers this impacted. The problem was quickly identified and resolved," and the victim's credit card company paid back the amount of money stolen.
Doug Olson, the FBI's Pittsburgh Assistant Special Agent in Charge of cyber, says that everyone who allows a support employee to take remote control of a device verify some information before agreeing to it. "Just say, 'Let me take down your number, who you are with, and I'll call you back.' Go and look up that person, validate who they are. Take that extra step and you make the contact with the institution that you're trying to make contact with, rather than using that call from a fraudster or that email from a potential fraudster." The FBI agent goes on to say, "It's definitely a red flag when somebody reaches out to you who you didn't contact, even if it is a problem you're having. Be suspicious of any unsolicited contacts or offers."
This hack could end up expanding to other parts of the country so be careful and follow the advice given out by FBI agent Olson so that you don't become another victim.