Tag Archives: iphone

Gone (Almost) Phishin’

Tech, ,

This is a little embarrassing to share, but I’d rather someone else be able to spot a dangerous scam before they fall for it. So, here goes.

One evening last month, my Apple Watch, iPhone, and Mac all lit up with a message prompting me to reset my password. This came out of nowhere; I hadn’t done anything to elicit it. I even had Lockdown Mode running on all my devices. It didn’t matter. Someone was spamming Apple’s legitimate password reset flow against my account—a technique Krebs documented back in 2024. I dismissed the prompts, but the stage was set.

What made the attack impressive was the next move: The scammers actually contacted Apple Support themselves, pretending to be me, and opened a real case claiming I’d lost my phone and needed to update my number. That generated a real case ID, and triggered real Apple emails to my inbox, properly signed, from Apple’s actual servers. These were legitimate; no filter on earth could have caught them.

Image

Then “Alexander from Apple Support” called. He was calm, knowledgeable, and careful. His first moves were solid security advice: check your account, verify nothing’s changed, consider updating your password. He was so good that I actually thanked him for being excellent at his job.

That, of course, was when he moved into the next phase of the attack.

He texted me a link to review and cancel the “pending request.” The site, audit-apple.com, was a pixel-perfect Apple replica, and displayed the exact case ID from the real emails I’d just received. There was even a fake chat transcript of the scammers’ actual conversation with Apple, presented back to me as evidence of the attack against my account. At the bottom of the page was a Sign in with Apple button that he told me to use.

Image
Image

I started poking at the page and noticed I could enter any case ID and get the same result. Nothing was being validated. It was all theater.

“This is really good,” I told Alexander. “This is obviously phishing. So tell me about the scam.”

Silence. *Click*.

Once I’d suspected what was happening, I’d started recording the call, so I was able to save a good chunk of it, which Jamie Marsland used to make a video about the encounter. You can hear for yourself exactly how convincing “Alexander” was.

So let my almost-disaster help you avoid your own. Remember these rules.

  • Don’t approve any password-reset prompts—those are the first part of the attack. Do not pass Go, just head directly to your Apple ID settings. 
  • Apple will never call you first. 
  • When you get an email from Apple—or, really, anyone telling you to complete a digital security measure—check the URL they’re trying to send you to. Apple Support lives on apple.com and getsupport.apple.com, nowhere else.

After all, the best protection is knowing what this looks like before it happens.

Trying out Nexus One

Asides, ,

This week I’ve taken the SIM card out of my iPhone and put it in the Nexus One, which I’m going to try to stick with for the next week. I love my 3GS, but I’m just hungry for something else as the iPhone has felt a little stagnant lately, and the Nexus has the most beautiful hardware — it’s a pleasure to hold and look at. So far I’m really happy with the screen, the grass live background, the Google and Facebook contact syncing, news/weather widget, Google Voice (!), and I’ve gotten pretty accustomed to the UI. (Only other Android device I’ve tried was the G1, and that lasted 10 minutes.) I’m not impressed with the email application IMAP support, the app store seems a bit anemic, and the camera application crashed once when I was trying to take a picture. I’ve found equivalent apps for the most-used stuff on my iPhone.

iPhone IMAP Tip

Uncategorized, , , , ,

Hopefully this will help some future searchers. After the last iPhone update all the folders in my cPanel / Courier IMAP account started showing up in the Mail app, but I could not select them or move mail to them. I’d get an error like “mailbox does not exist” even though some part of the iPhone knew it did because it could see them. I Googled around and found that if you go to Settings > Mail > you@example.com > Advanced you could set an IMAP prefix to get everything working.

So I did, but nothing changed. However I deleted the account, reset it (hold down the top button), added the account back, set the prefix, reset again, and then all the folders started working. The advice I found worked, but there was some setting stuck somewhere that needed to be flushed out. Being able to file messages and read other folders from my iPhone is amazing. I was on the fence about the utility of the iPhone before, now I’m completely sold. It’s actually more fun than doing it in Thunderbird.

iPhone Disappointment

Asides, , ,

The process of buying the Apple iPhone was pretty easy. Glenda and I walked into a store in Daly City at about 8:30 PM and each ordered one, and walked out. No lines. The device is physically much more elegant and smaller than I expected, and the iTunes-integrated signup process was fairly smooth. However, it’s been hours now and still no activation, which means I have a very expensive paperweight, which is worse than not having it at all. Update: Approximately 16 hours after my inital setup, I now have a working phone. I was contemplating taking it back, but I’m glad I didn’t.