A new phishing scam discovered by Ars Technica has upped the complexity of e-mail messages to drive users to a fake website where a Javascript will pop up a system dialog box to start a phone call to a call center impersonating Apple support. According to the report by Ars Technica, the scam is quite deceptive, with a realistic looking webpage telling users that their iPhone has been “locked for illegal activity” by Apple and directing them to click to call support in order to remove the lock.
The current phish is targeted at iCloud e-mail addresses, and would appear to be designed to trick iPhone users into enrolling their devices into a rogue mobile device management “Apple security service” that would in fact actually allow hackers to push compromised apps onto a victim’s iPhone. More technical details on the nature of the phishing scam can be found in the original report on Ars Technica.
.