Skip to content
July 4, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Malware
  • Phishing Scam targets iOS user in India
  • Malware

Phishing Scam targets iOS user in India

Do Son July 31, 2018 3 minutes read
Phishing Scam iOS user
Add as a preferred
source on Google

Tech support scams from India has recently been found to play with new tricks – scammers send phishing emails to Apple users, if users access them to fake Apple sites, and then call the Apple Care customer service phone. Because it is difficult for ordinary users to understand the complexity of phishing and the format of web pages, it is easy to mistakenly believe that their devices have been “locked for illegal activity.” After the victim clicks to complete the call, the scammer will follow to get money.

In recent years, due to the rise of the mobile Internet and smartphones, technical support scam have begun to focus on the mobile field. Because many people’s lives are closely linked to mobile devices, these goals have become “new grease.”

Jeremy Richards, a threat intelligence researcher at mobile security service provider Lookout, said:

“People are just more distracted when they’re using their mobile device and trust it more.”

 

Email addresses associated with Apple’s iCloud service are vulnerable to this type of phishing scam. The security researcher tried to dial the  Apple “security service” prompting on the page, and the person answering the call claimed to be “Lance Roger from Apple Care.”

According to the routine script, the user will receive a message with a headline horror, such as “[username], Critical alert for your account ID 7458” It tries to imitate the official format, but the discerning person will always find something unnatural.

For example, this fraudulent email may warn that your login attempt for your account (email address) has been blocked and someone has just tried to log in to your profile with your password.

However, after clicking the ‘Check Activity’ button below, it will be redirected to a fraudulent website in somewhere in India. This page uses JavaScript to obfuscate the code and redirect the victim to another website. The site then jumps to applesecurityrisks.xyz again – a fake Apple Care support page.

Even worse, it uses the ‘tel’ event to activate dialing. When the user clicks, they try to initiate a FaceTime call on the iOS device.

 

The animated dialog on the screen will urge the victim to confirm the call after all their devices have been “locked for illegal activity.” But in fact, the website script will determine the user’s device type through the browser’s UA:

“window.defaultText=’Your |%model%| has been locked due to detected illegal activity! Immediately call Apple Support to unlock it!’;”

Fortunately, security researchers have passed the technical details of the phishing scam site to Apple security team members. Although the malicious site is still active, both Google and Apple have marked it as a phishing site.

Source, Image: arstechnica

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Researcher warns: Java-Based Stealer Spreads via Cracked Software
  • Deceptive “DeepSeek-Claw” Skill Hijacks OpenClaw Agents to Steal Credentials
  • Malware Alert: Banshee Stealer Targets macOS Users
  • APT37 Escalates Cyber-Espionage on South Korea: New RoKRAT Backdoor Uses Stealthy LNK Files & Steganography
  • New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: iOS user Phishing Scam

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
  • CVE-2026-28496CVSS 9.4
    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
    Admin intel📅 Updated: Jun 25, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-58426CVSS 9.6
    Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read...
  • CVE-2026-58289CVSS 9.0
    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based)...
  • CVE-2026-22874CVSS 9.6
    Gitea versions up to and including 1.26.2 have incomplete SSRF protection in...
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by...
  • CVE-2026-4321CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-14544CVSS 9.8
    A flaw was found in HPLIP (HP Linux Imaging and Printing Software)....
  • CVE-2026-9725CVSS 9.1
    The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress...
  • CVE-2026-13768CVSS 10.0
    Gardyn devices expose a privileged iothubowner key. Access to this key will...
  • CVE-2026-57100CVSS 9.9
    Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an...
  • CVE-2026-45499CVSS 9.9
    Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to...
Powered by CVE WATCHTOWER

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.

    We respect your inbox. Unsubscribe anytime.

    Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.