this post was submitted on 15 Mar 2025
1114 points (98.2% liked)

Programmer Humor

21680 readers
570 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
1114
Report Phishing (lemm.ee)
submitted 4 days ago by AnonomousWolf@lemm.ee to c/programmer_humor@programming.dev
52 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Brickhead92@lemmy.world 230 points 4 days ago (18 children)

I had one a about a month ago now that I was actually impressed with how they did it.

I have a Apple account just for the kids Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they'd call at sometimes. I thought that was weird and checked out the email and everything was legit.

Call came in a little early then in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS "iCloud" and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well apple isn't going to use a domain that's not *.apple.com. went there anyway to check and the SSL cert was from Let's encrypt, apple ain't using let's encrypt.

20 years in IT, that's the closest I've been in. Very long time to falling for something.

[–] Infernal_pizza@lemm.ee 22 points 4 days ago (2 children)

So are you saying the original email genuinely was from Apple? If so do you have any idea how the scammers got all that info? And did you ever receive the legitimate call back from Apple?

[–] dependencyinjection@discuss.tchncs.de 20 points 4 days ago (2 children)

I’m just speculating but maybe they (scammers) filled out a fraudulent activity form on the Apple site on behalf of the victim and then called before an Apple rep did.

[–] Ziglin@lemmy.world 2 points 3 days ago (1 children)

Wouldn't they still need to know the username and telephone number then? That seems like something most people would be unable to link.

[–] dependencyinjection@discuss.tchncs.de 2 points 3 days ago* (last edited 3 days ago)

Again I am going in to the realm of conjecture here over a little post, but maybe they had loads of information on Apple users from a data breach and this is how they were capitalising on them.

[–] Brickhead92@lemmy.world 2 points 4 days ago

Yeah that's how I think they did it.

[–] Brickhead92@lemmy.world 6 points 4 days ago

Yeah it was a legit apple support email and I compared it to the email I received after calling apple and starting a new case to give them all the info I could about the scam.

I assume that got my info from a data leak somewhere.

load more comments (15 replies)