Warning: Tech support scammers impersonating Apple technicians

“Remote assistance is becoming more and more popular to troubleshoot computer issues without the hassle of bringing the problematic machine to a store. Indeed, from the comfort of your own home you can let a Certified Technician remotely log into your PC and have them fix the issues you are facing,” Jérôme Segura reports for Malwarebytes. “Apple offers a screen sharing service part of its support center that puts you in touch with a remote advisor. The process is secure and requires a unique session key to authenticate into the system that the customer needs to enter at the following URL: https://ara.apple.com.”

“In today’s post we will talk about how we discovered that crooks are abusing this feature and fooling Mac users into trusting them,” Segura reports. “As we have been documenting it so many times on this blog, there has been an explosion of tech support scams via malvertising and fraudulent affiliates. All systems are targeted, not just Windows PCs and in fact, fraudulent warnings for Mac are getting extremely common.”

“These pages are designed to scare people into thinking there is something wrong with their computer,” Segura reports. “The crooks registered a website with a domain name that looks like the real Apple one (ara.apple.com) by calling it ara-apple.com. The site was registered through GoDaddy and resides on IP address 184.168.221.63. We have contacted both the registrar (GoDaddy) and hosting provider (Liquid Web) so that they can take appropriate actions in shutting down these fraudulent websites.”

Read more and see the screenshots in the full article here.

MacDailyNews Take: Let’s be careful out there!
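The hyphen-for-dot swap described above (ara-apple.com posing as ara.apple.com) can be caught mechanically, for example when reviewing proxy or DNS logs. The sketch below is an added example, not code from Malwarebytes or MacDailyNews; it goes slightly beyond the article by also flagging the trusted name used as leading labels of another domain, and the function names and the sample URLs other than the two from the article are constructed.

```python
from urllib.parse import urlsplit

# Registrable domain of the real service named in the article (ara.apple.com).
TRUSTED_DOMAIN = "apple.com"


def host_of(url):
    """Return the lowercase host, ignoring scheme, userinfo, port and trailing dot."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").rstrip(".").lower()


def is_under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url):
    host = host_of(url)
    if not host:
        return "invalid"
    if is_under(host, TRUSTED_DOMAIN):
        return "legitimate"
    # Hyphen standing in for a dot: ara-apple.com reads like ara.apple.com.
    if is_under(host.replace("-", "."), TRUSTED_DOMAIN):
        return "lookalike"
    # Trusted name used as leading labels of someone else's domain.
    if ("." + TRUSTED_DOMAIN + ".") in ("." + host):
        return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    """Return the URLs whose host imitates the trusted domain."""
    return [u for u in urls if classify(u) == "lookalike"]


# Constructed sample input; only the first two hosts appear in the article.
SAMPLE_URLS = [
    "https://ara.apple.com",
    "http://ara-apple.com/",
    "https://ara.apple.com.example.net/session",
    "https://ara.apple.com@support.example/",
    "https://pineapple.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):<11} {u}")
```

The userinfo form (`ara.apple.com@support.example`) is reported as unrelated rather than legitimate because the host is taken from the parsed URL, not from a substring match.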

25 Comments

    1. They are very savvy. They will not give out any info, unless it’s about you. Of course you don’t give out any information either. That’s why it’s a game. They have fake names anyway. I really don’t understand why people work for a call center, and they knowingly lie. It’s a whole industry to scamming. How do they go home and feel good about themselves?

  1. This reminds me of those scam phone calls, when you get a call from someone claiming to be Microsoft tech support, who purportedly discovered serious vulnerability on your computer that needs to be resolved urgently and they will guide you through the process for a small one-time support fee. These are cold calls, and I usually simply interrupt with “not interested in your scam” and hang up. One time, I had nothing better to do, so I engaged. I kept asking questions, how did they discover that my computer is infected; what is the specific type of vulnerability; what is the specific version of my OS and the patch level, etc, etc. He kept blurting incoherent and absurd answers, which would probably be convincing to my grandmother (who died in the 50s). So eventually, I told him that none of what he said was true, that I only have Macintosh computers; he kept going on that it is not correct, that my Windows computer is infected and that they will have to completely remotely disable it because of this infection, unless I agree to let them fix it (for a fee). He became increasingly agitated as I kept firing back, until he eventually gave up.

    Unfortunately, this is the reality of today’s world. Internet opened up another vector for criminals. Much like door-to-door scams of long ago, the internet scammers dupe naïve unsuspecting people into giving up private information or money to the criminal.

    The cat-and-mouse game continues…

    1. I’ve actually taken to acting quite concerned that something like this could possibly happen to my PC (I can imagine the guy smiling his ass off, that he finally got one) and have him start walking me through the process. As soon as he gets to click on the “start menu” I ask him where it is, he keeps trying to explain it to me and I tell him I can’t see what he’s asking me to click. We go a few more rounds of that, and he asks me to click a few more things that don’t exist, and after wasting a bunch of his time, I let on that I use a Mac and if he’s stupid enough to think he’d be able to fool anyone with his heavily accented BS, he deserves to have his time wasted too.

    2. Same thing happened to me once… I kept putting him on hold as I told him I had to step away for a second (while I did actual work). I would check back in periodically and apologize. He gave up after the better part of an hour total on hold as my absences got longer and longer… doofus never called back.

    3. You guys have way more patience than me. The first time I got one of those calls, I said “I don’t own a Windows computer” and hung up. The next time (yes, they called AGAIN), I did the same thing, more firmly. They called AGAIN! This time I screamed “I DON’T OWN A WINDOWS COMPUTER, YOU [severe vulgarity]!! STOP F***ING CALLING ME!”

      Must have done the trick. No calls since.

      ——RM

      1. I did exactly the same thing the first time they called, and the second, and the third. The fourth time, I thought what the hell and now I screw with him (I swear to God it’s the same guy every time!) as long as he’ll let me. You guys all gave me some great ideas for the next time 😉

    4. If you have the time, try and spend as much time with him as possible. The more time he spends with you, the less time he spends scamming someone else, and the less money he makes.
      Besides, it’s kind of fun!

  2. I once got a phone call from “India.” I had a virus on my computer. I had never heard about this before. I mean the scam was new to me. However I am a support guy myself. With my wife sitting next to me, I played along. I had already indicated to her what was going on. I asked how they knew what was wrong. Their response was to show me the Event Viewer. (I am on a Mac, but I had a VM, so I used that for reference.) I said there’s all these yellow and red marks. Of course that was a virus, and I need to take care of it right away. I contemplated letting them into my VM after taking a snapshot. But I ended up going a different route. What’s the next step? He wanted me to go to a website to initiate a remote support session, and they will fix my computer. We aren’t talking about money yet. I said, “I don’t have Internet. I live in the mountains. Can I call back and finish this when I am in town?” No, I can’t call him back, he has to call me and could we set up a time. I played with him for a little bit, negotiating a call back time, and all sorts of problems preventing our future appointment. My wife, in the meantime, is on the floor trying not to injure herself. Finally he gave up and disconnected.

    The first thought I had, after that, was my dear parents. I called them and told them my story and to not let anyone give them tech support, unless it was me or my brothers.

    I have had a couple more calls since then and I simply hang up now.

  3. Fairly standard phishing practice.
    More concerning…
    I received an email purportedly from Apple Support entitled “You have 3 AppStore messages” easy to eradicate in OSX but in iOS 9 Safari, clicking Trash brought up another window with only a login box and no back button.
    Quit via home button – disabled.
    Double click home button to get Launcher – disabled.
    Screen grab – disabled.
    Hard restart option was the only way to quit Safari. I then had to manually trash it three times to get rid of it. Not good

    1. I have encountered the same thing on iOS – pop ups without any way to get rid of them. Some of them seem to be “modal” in the sense that you cannot do anything else until you clear the pop up window, and the only way to do that is to hit “OK” (not going to do that!) or hard restart. But, most of the time, you can just shift to another tab and kill the offending one, or shut down Safari completely and start it up again.

  4. Apple does NOT interrupt your web browsing with these ridiculous warnings ever! If you are browsing the web and a page comes up with a warning about being infected STOP!
    DO NOT CALL THAT NUMBER!!!!!!!!
    Use this keyboard command to force quit your browser. Hold down the option and command keys then also press the escape key. You should get a force quit window listing all the applications that are open. Highlight/ select your browser and click the force quit button. To open your browser hold the shift key down and click on your browser to open it again.
    It should open to a default page and not reopen the scammers page. You can now resume browsing as normal.

  5. I like to keep a disposable boat air horn near my phone for these important calls from “apple support” I call the number and talk really quiet for a minute and pretend to be really scared. Then “BWAAAAAAAAAA!!!”
    right into the phone.
    Somehow my number has been blocked from them. Hmm. So sad.
