appleteams.live - Phishing or other scam disguised as Apple Support

Scam attempt with fake Apple Support site

Sometimes strange things happen. For example, I just wanted to go to ebay-kleinwerbung.de, type in the domain in the browser and land on a page that tells me I have a "popup adware virus" on my Mac. That was their reason why I was redirected to the Apple support site (appleteams.live). It's clear, isn't it?!?

Dear Apple customer,

You have been redirected to the Apple Support page because your Mac is infected with pop-up adware due to downloads from untrustworthy sources Virus was infected.

We have detected excessive POPUP ADs or SECURITY QUESTIONS on your Mac!

There may be a possible download of MALWARE or spyware .

CHAT NOW WITH APPLE SUPPORT

Note that your CASE ID is: AS11S50-hhch8nt

RECOMMENDED: CONTACT NOW

In reality I made a mistake when entering the Ebay domain and some scammers have secured this misspelled domain and are now redirecting visitors to this fake Apple site.

I landed on this page due to a typo when entering the domain. With a warning popup (see

Scareware

) should persuade me to get help via the chat." width="1024″ height="594″ /> I ended up on this page due to a typo when entering the domain. With a warning popup (see Scareware) should I be persuaded to seek help through chat.

Remote Access to Mac for "Troubleshooting"

Out of interest, I just got involved and clicked away the popup and looked at what was happening on the page. Basically there is only the chat that was actually bought by the scammers at Zendesk. This gives them a functioning chat function on the site, which they use to communicate with the "customers".

First you will be informed again that you have malware or a virus on your Mac, which will now be removed. In the course of the chat you should enter your name and date of birth. At this point I lied a bit – forgive me. ;-)

You are then addressed by name and it is explained that the chat is now being handed over to a "network expert" who wanted me to have a small tool installed for remote maintenance before we continue. So I got a link to an "emergency recovery tool" and was told to install it. Of course I didn't do that and instead wrote that the tool wanted my admin password.

Out of interest, I downloaded the app to my Mac, but didn't install it. I believe the app itself is still an official remote access tool, but I'm sure after the remote maintenance was handed over to "support" they would have started messing around.

Out of interest, I downloaded the app to my Mac, but didn't install it. I believe the app itself is still an official remote access tool, but I'm sure after the remote maintenance was handed over to "support" they would have started messing around.

I was then instructed to send him a screenshot. Of course he wanted to know where it was, because after all the goal was to control my Mac remotely, for example to use a keylogger or Trojans to install, with which the scammers then get money in some weird way.

I had asked in the chat whether their support was official Apple support, but only silence came back to this question. I think the answer is clear anyway.

In short, don't fall for these scammers. Genuine Apple support is only available on the site www.apple.com.

Recording of the chat for entertainment

I still have for you here the transcript of my chat conversation with these guys. If you like, you can read it, but the entertainment value is not very high.

Chat with us
Chat started
Apple Support
You have been redirected to Apple Support Page because your Mac is infected after downloading from untrustworthy sources. Please chat with the live agent to learn more.
Jasmine joined the chat
Jasmine: Hello (translated)
Jasmine: Now I will check your security and maintenance status, (translated)
Sir Applerot: I got an error message on my mac about popups.
Jasmine: Could you please confirm your name and date of birth? (translated)
Sir Applerot: Alfred Kleemann, April 12.04.1965, XNUMX
Jasmine: Alfred, your computer is infected with adware/spyware.
Jasmine: I need to hire a network expert to remove the buggy extensions and the proxy-Setting up your network configured, and after that everything will be fine for the next 15-20 minutes. is that ok with you (translated)
Milani has joined the chat
Sir Applerot: You can explain me how to do it, then I can do it myself.
Milani: HELLO,
Milani: This is Milani Mac expert
Milani: I will help you (translated)
Jasmine left the chat
Milani: It seems like your computer is infected with adware and malware.
Milani: Let me connect to your Mac so I can diagnose the problems. Then I will share with you the best way to fix the problem. is that ok with you (translated)
Sir Applerot: No, I want to fix this on my own with your help.
Milani left the chat

Another try from me as a new chat user...

Apple Support
You have been redirected to Apple Support Page because your Mac is infected after downloading from untrustworthy sources. Please chat with the live agent to learn more.
Sir Applerot: Hello!
Neeri has joined the chat
Neeri: Hello (translated)
Neeri: Good morning (translated)
Neeri: Don't worry, we are here to help you with all your problems. (translated)
Neeri: May I know, have you recently installed anything on your computer like Adobe Flash Player, Mac Keeper, Mac Auto Fixer, we know, etc.? (translated)
Sir Applerot: No, actually nothing.
Neeri: Now I will check your Mac's security and maintenance status. (translated)
Neeri: could you please confirm your name and date of birth (translated)
Sir Applerot: Alfred Kleemann, April 15.04.1965, XNUMX
Neeri: It seems like you accidentally clicked on some malicious or untrustworthy links while downloading online programs that bring viruses and infections in your Mac. (translated)
Sir Applerot: OK, what do I do now?
Neeri: Now your computer is infected with adware and malware.
Neeri: Let me connect to your Mac so I can diagnose the problems. Then I will share with you the best way to fix the problem. is that ok with you (translated)
Sir Applerot: Ja
Neeri: Alright (translated)
Neeri: Let me give you the steps to connect (translated)
Neeri: https://secure.logmeinrescue.com/xyz-bitte-nicht-downloaden (übersetzt)
Neeri: Please open this support link, then go to Downloads and double tap to open and run support. Log me into the rescue .dmg file to connect (translated)
Neeri: Please open this support link, then go to Downloads and double tap to open and run support. Log me into the rescue .dmg file to connect (translated)
Neeri: Hello (translated)
Neeri: are you connecting.? (translated)
Neeri: Please reply here (translated)
Sir Applerot: Moment!
Neeri: OK (translated)
Sir Applerot: I loaded it but the app wants my admin password.
Neeri: OK (translated)
Neeri: Please open this support link, then go to Downloads and double tap to open and run support. Log me into the rescue .dmg file to connect (translated)
Sir Applerot: I did that, but when I open the file and start the program inside, it asks me to enter my admin password.
Neeri: ok (translated)
Neeri: can you send me the screenshot of the screen (translated)
Neeri: Do you have Google Chrome Browser in your ma.? (translated)
Sir Applerot: Before I go any further, what kind of malware is supposed to be on my Mac?
Neeri: Mac.? (translated)
Neeri: Let me inform you before we proceed. This is your Mac security feature. If it detects a virus infection, your Mac will redirect you to the online Apple support team
Sir Applerot: But this website isn't from Apple, is it?
Sir Applerot: Hello?
End of conversation...

You can already see that there is no real Apple support at work here. After my fake conversation, I have the attempted scam here at Apple reported. There is an email address where you can report phishing, fake support calls, and other scams done on Apple's behalf.

-
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * marked