Online scammers are no longer just lurking online. They're targeting your "real-life" mobile devices for clever phishing attacks 🎣. Here's how they're doing it:
1️⃣ Steal a mobile device (usually an Apple one)
2️⃣ Wait for the owner to report it lost via their Apple account
3️⃣ The owner’s other phone number shows up on the stolen device so whoever "found" it can return it
4️⃣ Send a message to the owner with a one-time usable link to a phishing site, usually set up by a rented phishing service
5️⃣ Get the Apple unlock code using that site
6️⃣ Result? An unlocked, stolen Apple device 😡
Here are examples of domains using "Bmos" as a rented phishing service as seen on Urlscan: https://urlscan.io/search/#hash%3A280ca9b9d2c1e02ebdb5dba95946b5408b539639587e280edf3476b55cbf8f45
Spamhaus researchers observe many domains like these, every day, almost certainly involved in this kind of hybrid online and physical world scam.
And it's not only Apple...many other mobile phone brands have been spotted, likely working in the same way.
Always be mindful when using or carrying your mobile, and remember: never share your unlock code with anyone! 🤐
#phishing #threatintel #apple #cybersecurity #infosec