A new and troubling scam has emerged, targeting Mac users seeking assistance through AppleCare+. Cybercriminals have devised a scheme where they create fake AppleCare+ support sites, deceiving victims into believing they are contacting legitimate Apple representatives. These fraudulent sites are promoted through deceptive Google ads that appear prominently in search results, often overshadowing genuine Apple support links. Users who click on these ads are redirected to fake customer service pages hosted on GitHub, which are designed to look like official AppleCare+ interfaces.
Once users are on these counterfeit sites, they are prompted to call a toll-free number purportedly belonging to Apple. However, this number connects them to scammers operating from overseas call centers. These scammers use social engineering techniques to convince victims to provide sensitive information or make payments for non-existent services. The use of Apple’s branding and professional-looking web pages adds an additional layer of deception, making it challenging for users to distinguish between real and fake support.
GitHub, the platform hosting these fraudulent pages, has taken steps to remove the reported malicious accounts. Despite these efforts, the scammers’ ability to quickly create new accounts and deploy updated fraudulent templates presents an ongoing challenge. The malicious sites often include an “autoDial” feature that opens the phone dialer automatically, making it easier for scammers to connect with their victims.
The financial and personal risks for victims are significant. Scammers not only exploit users’ trust in Apple’s brand but also potentially steal hundreds or thousands of dollars. Furthermore, victims may be asked to provide personal information such as Social Security numbers and banking details, which can lead to identity theft or further financial fraud. Users are advised to be cautious when searching for support services online and to verify the authenticity of any service pages they interact with.
