I had one a about a month ago now that I was actually impressed with how they did it.
I have a Apple account just for the kids Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they’d call at sometimes. I thought that was weird and checked out the email and everything was legit.
Call came in a little early then in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS “iCloud” and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well apple isn’t going to use a domain that’s not *.apple.com. went there anyway to check and the SSL cert was from Let’s encrypt, apple ain’t using let’s encrypt.
20 years in IT, that’s the closest I’ve been in. Very long time to falling for something.
That’s frightening
I get that feeling when I press “report spam” and gmail suggest I “unsubscribe from them”, that that’s exactly what the spammer want, a ping back so they know I’m susceptible, that I’m an engaging fool, and get put on all the lists.
Not sure if emails work the same way, but this is how phone scammers work
If you interact with a phone scammer, send them to hell or do anything at all with them, you just get added to a big lost of people that respond to scam calls and so you get more calls
Also work on the unsubscribe button
At this point, that’s like a default corporate feature.
Yup. Done that one
