The video titled "The Best Apple Phishing Scam I’ve Ever Seen" by Roman Balmakov on the Facts Matter channel is a detailed examination of a sophisticated phishing scam that targets Apple users. The video runs for 15 minutes and aims to educate viewers on the tactics employed by scammers, as well as how to protect themselves from becoming victims.
The primary purpose of the video is to:
The video centers around the experience of Eric Morray, who experienced a multifaceted attack that included:
The scammers used several tactics to manipulate Eric's psyche:
The video concludes with essential tips to avoid falling victim to similar scams:
The video effectively highlights the sophistication and cleverness of modern phishing scams, particularly those targeting Apple users. By using real systems and creating a sense of urgency, scammers can easily manipulate even the most skeptical individuals. The insights provided serve as a crucial reminder of the importance of vigilance in a digital world.
Notable Quote: "It doesn't matter the lure. Do not take the call. It really is as simple as that."
Roman Balmakov's presentation not only educates viewers about a specific scam but also empowers them with knowledge and strategies to safeguard their digital identities. By raising awareness and encouraging proactive measures, the video plays a vital role in the ongoing fight against cybercrime.
Today, let's go through one of the best, most convincing Apple scams that's out there right now. This particular scam really has it all. It has a genuine request with a real support ticket coming from Apple themselves. It has real alerts coming to your phone, your computer, and your tablet, as well as perfectly timed phone calls coming from someone who claims to be Apple support. This scam, it's really good enough to trick even extremely skeptical people. And so today, let's go through it so that you don't get scammed. And of course, if you appreciate content like this, and if you want this content to reach ever more people, so that they don't get scammed, please do smash those like and subscribe buttons, which will force the YouTube algorithm to pick the episode up and share it to ever more people. Thank you very much.
So, to start with, the overview of how this scam works comes to us from a man by the name of Eric Morray. He is a product manager over at Broadcom Software in Silicon Valley. And on Wednesday, November the 12th, he became the victim of this very sophisticated scam. And he later went on to detail his experience in an article titled, quote, "I almost lost my Apple account to the most sophisticated phishing attack I've ever seen. How scammers weaponized Apple's own support system to bypass two-factor authentication and how I barely escaped." Now, if you want to read his original account, I will throw a link to his article. You can find it down in the description box below. However, what I did is I converted his experience into a visual timeline that we can look and track together how the whole thing progressed over time.
Now, the whole thing began at 3:17 p.m. with what we call the setup. It came in the form of a text message.
Basically, it was one of those two-factor authentication text messages that you receive when you're using a new computer to log into your bank account or some other account and it sends you a six-digit code and it tells you not to share that code with anyone. Now, once Eric received that text message, he found it strange given the fact that he was not trying to sign in to anywhere at the moment. And so, naturally, he assumed that it was someone else trying to access one of his accounts. Also, just as he received that text message, he also received the following. Quote, "At the same time, my iPhone, iPad, and Mac all lit up with verification notifications, the familiar popups that appear when someone tries to sign into your Apple ID."
Then exactly 1 minute later at 3:18 p.m. he received a phone call from a toll-free number. It turned out to be Apple's genuine automated system delivering him another two-factor authentication code, this time by voice message. And so basically within the span of roughly 2 minutes, he received a text message, he received several pop-up notifications on several of his devices, as well as a phone call coming from Apple's automatic system alerting him to the fact that someone was trying to access one of his accounts and they needed a two-factor authentication code.
Then 3 minutes later at 3:18 p.m. he received the first scam phone call. Although he didn't know that it was a scam phone call, it was from an Atlanta-based phone number. And when Eric picked up, the caller identified themselves as being from Apple support and he or she said the following. Quote, "Your account is under attack. We're opening a ticket to help you. Someone will contact you shortly." And so, you can already get a taste for how sophisticated this is. The first scam phone call is just an automatic phone call alerting you to the fact that there will be a second phone call coming. It's very good stuff. Now, the phone call, it only lasted like 28 seconds.
But then roughly 10 minutes later at 3:31 p.m., Eric received the second phone call from that same Atlanta-based phone number. And here's what he said happened. Quote, "The same number. This time the caller was calm, professional, and kept me on the line for 25 minutes. They said they were following up on the attack. They'd already opened a support case to help secure my account. Here's the clever part. They actually created a real Apple support case in my name. They had me go to my mailbox and walked me through the case confirmation email verifying that the email sender was legitimate. It checked out."
And indeed at 3:32 p.m., while Eric was still on the second phone call, he received an official ticket from Apple support with a real case ID number. And I really do want to highlight this. This, what he received, was a real Apple support ticket which came directly from the official Apple email address. It wasn't fake. It was a real ticket. Eric wrote that getting that real ticket while having the person on the phone with him gave that person extreme credibility. Quote, "This gave them massive credibility. Apple's own systems were sending the official emails confirming their case number."
Now, while still on the phone with this individual, and after receiving that confirmation email, Eric was told that he needs to change his iCloud password. Quote, "The rep instructed me to reset my iCloud password. I hesitated. This felt wrong. I asked twice if my account was actually compromised. Both times they said yes. With all those verification codes and notifications from 3:17 p.m., it seemed real. I reset my password. The rep guided me through it. He never asked for my two-factor authentication code and he let me complete the reset myself. This felt right." And so already at this point, you can see how good this scam is.
All right, just a pause here for a super quick snack break brought to you by today's sponsor, Masa Chips, probably the healthiest chips on the market.
They're made with exactly three ingredients: organic blue corn, 100% grass-fed beef tallow, and sea salt. You really don't get much better than this. I mean, long-term viewers of the show, you probably know that prior to the '90s, almost all fries and chips in this country were made with beef tallow. But then after the '90s, in order to save cost, almost every single manufacturer switched to using seed oils. But you know the problem with seed oils, all those studies showing their links to inflammation and metabolic diseases. So you kind of want to get them out of your diet. But then what are you going to do? You're going to move into some cave out in the mountains. Or you just get Masa chips. You put them in your cupboard. That way when you, your wife, or your kids, they want to snack, you just grab one of these. They're so good. They are crunchy. They don't break when you dip them into guac. And the best part is because they're made with beef tallow, they actually are satiating. So when you eat them, you don't feel like you're hungry afterwards, like 10 minutes later. There's no bloating feeling. There's no crash. There's no feeling of regret afterwards. You just eat them, you feel great, and then you go about your day. And the best part is that to our viewers, to the viewers of Facts Matter, Masa is offering a great promotional sale. Just head on over to masachips.com/roman and if you use promo code Roman, you can save 25% off your first order. And so again, masachips.com/roman. Use promo code Roman for 25% off and check them out. They sponsor the show. They care about getting the truth out there and they care about your health, which is why they don't compromise in the ingredients. So, check them out. And now, let's head back to the episode.
Initially, it scares you with a bunch of messages coming in alerting you to someone trying to hack into your account.
They then have an initial phone call just telling you that a ticket will be opened in your name. 10 minutes later, they have a second phone call with a professional-sounding individual on the other end walking you through the process. And on top of it all, they send you an actual official email from Apple support. This is why the scam is so good. Even if you are extremely on guard and you're a skeptical person, this is all very believable.
However, it's at this point that the true nature of the scam reveals itself. This is the hook. Once Eric changed his iCloud password, the person on the phone, they told him that he should be receiving a text message with a link to go ahead and close the case, which he did. While he was still on the phone with this rep, at 3:44 p.m., Eric received this text message which said that, quote, "The agent on the line has initiated a ticket closing gateway." And then it had a link. Now, that link was not legitimate. Appeal-app.com is not a genuine Apple domain. And if that was the only thing that was sent to him, that text message, Eric probably would have never clicked on it. But because of the preceding 30 minutes that led up to that text message, it made the whole thing seem super legitimate. And so Eric went ahead and he clicked on that link while he was still on the phone. And then he was taken to a page which looked just like any other official Apple page.
Other little tricks that were used to make Eric drop his guard even further included the following. Quote, "It had a field number for the case number. They asked me to enter it and to reinforce my trust, they read me the last four digits of the case which matched the ticket email confirmation. Everything seemed normal. The support page promptly displayed a list of steps, some completed, some in progress. I could see something like ticket open, account frozen, password changed, ticket closing. This was brilliant psychological manipulation. Each completed check mark built trust.
The in-progress indicator created urgency. I was watching my account being secured in real time. Or so I thought."
And so here was the moment of truth. At this point, the rep on the phone, he said this. Quote, "You will now receive a confirmation code to close the ticket." And immediately after the guy on the phone said that, here's what happened. Quote, "The page was replaced by the familiar six-digit placeholder. And I received an Apple validation code by SMS. I entered it. This was the moment they won."
And there it was. He had inserted a real two-factor authentication code into a phishing website. This was the whole point of the scam, to scare you, to build trust with you, to build credibility for themselves, so that at the very perfect moment, they try to log into your account again. They send you a new two-factor authentication code that you shouldn't share with anyone, and you punch that code into the fake phishing website thinking that's what you should be doing. You would never in a million years do something like that normally. But because of all the little steps that the scammers took leading up to that moment, that was it. It was an absolutely brilliant scam, which really required perfect timing on the part of the scammers and really good phone manipulation tactics. And then, yeah, once you put in the two-factor authentication code into that fake website, those scammers can now access your account, including your photos, your emails, your contacts, your notepad, your passwords, and everything else in your account.
Now, Eric, he realized that he made a mistake right away. That's because at 3:47 p.m., while he's still on the phone with this person, immediately after he punched the code into the website, he received an email from Apple saying that someone using a Mac Mini has just signed into his iCloud account. Here's what he wrote. Quote, "Seconds after entering that code, an email arrived which made my blood run cold.
A device I didn't own had signed into my account. This wasn't legitimate. I told the rep who I was still on the phone with. He said it was expected as part of the security process. I challenged the URL. Appeal-app.com wasn't an Apple subdomain. He insisted this was standard procedure. I held firm. The call dropped."
Now, seeing the mistake that he had made, Eric immediately reset his iCloud password again and within minutes that Mac Mini device vanished from his approved devices list, which is good. He caught the attack in time. However, if he didn't realize what had just happened, perhaps if he wasn't standing in front of his email, then the scammers would have only needed a few minutes within his account to really cause some serious havoc.
And so, that's the scam. One of the most convincing, well-timed Apple scams out there that I've ever seen, at least. And one of the reasons that it works so well and something that you should be aware of if you happen to use Apple products is the fact that anyone can create an Apple support claim in anyone else's name. That's the scam. That's the tactic that the scammers utilized. Quote, "The attackers exploited a critical flaw. Apple's support system allows anyone to create legitimate support cases in others' names. This generates real case numbers that verify on Apple's website, official emails from apple.com domains, complete credibility using Apple's own infrastructure."
And so really watch out for this. Even if you get a real genuine support ticket from Apple themselves, it doesn't actually mean that the person who calls you right away afterwards is a real Apple employee. And on top of that, perhaps this is the best advice to avoid these problems altogether. Quote, Apple says, "Don't answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through our official support channels." It doesn't matter the lure. Do not take the call. It really is as simple as that.
If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple support, just hang up. The FBI is very clear on this as well, saying: know that legitimate companies will never call you and offer tech support out of the blue. If you get a call like this, hang up. If you remember that as a binary, you'll be protected from these attacks, whether it's Apple or Google or a bank or any other organization, hang up and either log in as usual or call a publicly available support number.
And so, there you have it. One of the most clever scamming tricks I've seen this year and a simple way to avoid it. If you'd like to read Eric Morray's full telling of what had happened to him, I will throw the link to his article, you can find it down in the description box below, right below those like and subscribe buttons, both of which I hope you already smashed, but if you haven't, that was another opportunity.
And then lastly, if you appreciate this type of content and if you say to yourself, "Wow, you know, Roman might have saved me from falling prey to a scam that probably would have cost me at least several hundred dollars of, you know, money I could have lost or maybe legal fees I would have had to pay to, you know, fix my account issues. Okay, that's nice of him." Well, you can take that saving, those potential savings, and you can use them to try the Epoch Times with our trial subscription offer. Right now, you can try a full Epoch Times subscription for a fraction of the price. It's basically a trial offer. We're just trying to get you through the door, get you hooked on the Epoch Times content, and hopefully then you'll be a subscriber for a long time. But you, of course, don't have to be. You can cancel anytime. But with that subscription, you'll get access to everything, all the articles, the infographics, the videos, the shows, the documentaries, the analysis pieces.
Basically, everything we have on there going back 20 years, but also into the future as things develop in the real world. You'll get access to all the articles covering the real-life developments. So check it out. If you've been on the fence about trying the Epoch Times, now is a great opportunity. That's why we have the trial offer to kind of put you over that fence. And so yeah, try it out. The link will be down there in the description box below. Hope you click on it. Hope you join us over at the Epoch Times where it's a lot of fun. The community section is great. A lot of subscribers there talk about the articles. Each article, the comment section sometimes is even more interesting than the article itself. The article is the facts, but then in the comment section, you can kind of get people hypothesizing how this story relates to another story. Kind of really builds out a good world view. So, it's a lot of fun. Check it out. The link will be down there in the description box below. Hope to see you over there.
And then until next time, I'm your host, Roman from the Epoch Times. Stay informed and most importantly, stay free.
🇺🇸 Try The Epoch Times here: https://ept.ms/RomanSale
🥔 Ready to give MASA a try? Go to https://MASAChips.com/ROMAN for 25% off your first order.
Episode Resources:
🔵 Eric’s Full Story: https://bit.ly/4orDMFf
🔵 Apple Insider: https://bit.ly/3XyRAmA
🔵 Apple’s Suggestions: https://bit.ly/48CNu1X
#apple #scam #factsmatter
© All Rights Reserved.