Caller-ID spoofing, when callers deliberately falsify information transmitted to a phone’s caller ID to disguise their identity in an effort to extract personal information or money, has become an increasingly acute problem for cellphone users. One particularly sophisticated attempt that has been active since at least the beginning of 2019 mimics the number and logo associated with a call from Apple customer support.
As described by the cybersecurity blog "Krebs On Security":
It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.
Indeed, several Facebook users reported similar instances of this scam in February and March 2019:
In a more detailed accounting of the scam, "Krebs On Security" reported the case of Jody Westby, CEO of Global Cyber Risk LLC, who “received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised. […] The message said she needed to call a 1-866 number before doing anything else with her phone.” A phone call to the 1-866 number, according to Krebs, mimicked the Apple support call center, along with an automated welcome and estimated wait times. Westby, for her part, contacted the real Apple Support Center, who told her that Apple had not contacted her and that Apple would never contact someone unsolicited.
Indeed, this is the primary giveaway that the call is a scam. As explained by Apple Inc., ”If … someone claiming to be from Apple calls and asks for your account name and password, you’re likely the target of a scam.” This is why Apple’s customer support website asks that, “If you get an unsolicited call from someone claiming to be from Apple, hang up and contact us directly.” They suggest you first contact them via their own secure website.