A malicious campaign targeting Mac users seeking support or extended warranty services through AppleCare+ has been uncovered.
This scam involves perpetrators purchasing Google ads to lure victims into visiting fraudulent websites hosted on GitHub, a platform owned by Microsoft.
The aim is to connect unsuspecting users with scammers posing as Apple representatives, using social engineering tactics to extract money from them.
The Deceptive Strategy: How the Scam Operates
The scam begins when users search for Apple support online. Due to a lucrative partnership, Google, which reportedly paid Apple $20 billion as the default search engine, displays search results in Safari, including ads.
These “Sponsored” results can appear prominently, sometimes even above legitimate Apple contact information. In some cases, multiple malicious ads are displayed before any genuine results.
Users who click these deceptive ads are redirected to a fake AppleCare+ customer service page. This page invites users to call a toll-free number, purportedly belonging to Apple.
However, victims are quickly connected to scammers operating from call centers overseas. The fake customer service pages are hosted on GitHub as standalone HTML templates using Apple’s branding, making them appear legitimate.
GitHub: A Platform Exploited
The scammers have created multiple GitHub accounts, each hosting repositories with fraudulent templates. These templates mimic Apple’s branding to deceive users.
As evidenced by GitHub’s commit history, scammers can easily swap phone numbers during active campaigns if one is reported and blocked.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
An exciting piece of code within these pages, known as “autoDial,” automatically opens the phone dialog menu, reducing the number of clicks required for victims to connect with scammers impersonating Apple representatives.
GitHub has responded to this issue, taking down the reported malicious accounts. However, the ease with which scammers can create new accounts and templates poses an ongoing challenge.
Risks and Consequences for Victims
According to Malwarebytes reports, this scam is particularly dangerous due to the combination of malicious Google ads and convincing lookalike pages.
Scammers prey on users’ trust in Apple’s brand, leading them to believe they interact with legitimate service agents. The financial risks are significant, as victims can be defrauded hundreds or thousands of dollars.
Scammers often instruct victims to withdraw money from their bank accounts and send it to them through various means.
In some cases, fraudsters request sensitive personal information, such as the victim’s name, address, social security number, and banking details. This information allows scammers to engage in further fraudulent activities, including identity theft or blackmail.
Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar