iOS crash warnings scam targeted iPhone and iPad users in US and UK

Pierluigi Paganini July 18, 2015

According to a report published by The Telegraph, scammers are targeting iPhone and iPad users with a new elaborate scheme that relies on iOS crash warnings.

Scammers are targeting iPhone and iPad users with a new-old elaborate scheme that relies on iOS crash warnings.

Scammers are using JavaScript-generated dialogs to display iOS crash warnings. As explained by the experts at F-Secure, the iOS Crash Report scam is a variation of the technical support scam.

cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.” wrote F-Secure.

The new fraud scheme is going around the English-speaking world. According to The Telegraph, iPhone and iPad users in the US and the UK have started getting pop-ups on their devices, informing them that iOS had crashed and that they need to call support in order to fix the problem.

The scam was first reported in the US at the end of 2014 and it is still being used across the United Kingdom.

Scammers are targeting the Safari browser used by iOS devices; they ask victims to call the helpline and pay between $19 (£12) and $80 (£51) to fix the problem.

Users in the UK were asked for a different payment: £20 to fix the crash.

“Scammers have targeted Safari, the default web browser for iOS devices, telling users in the US to ring the helpline and pay between $19 and $80 to fix it. Users in the UK have also reported the issue, with one saying they had been asked for £20 to fix the crash.” states the Telegraph.

Let’s analyze the scheme step by step. While browsing, users receive a warning notification:

“Warning!! iOS Crash Report!!. Due to a third party application in your device, iOS is crashed. Contact Support for Immediate Fix.”

Some users reported that the pop-up froze their browser.

[Image: iOS crash warnings]

The warning displayed on the iOS device gives one of a set of numbers to dial (i.e. 0800 279 6211 and 0800 310 1061). Users in the UK who called the helpline were told that malware on their device was stealing data; the operators demanded credit card details in order to solve the issue and remove the malicious code.

In order to fix and block these crash reports, Apple says users should:

  • Switch to Airplane Mode
  • Delete Safari Data: Settings > Safari > Clear History and Website Data
  • Exit Airplane Mode

The Telegraph wrote:

“To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups.”

Unfortunately, this suggestion is not correct.

“Safari’s “Fraudulent Website Warning” and “Block Pop-ups” features didn’t prevent the page from loading. What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.” continues F-Secure.

A Google Search returns several live scam web sites containing the text used by fraudsters:

“Due to a third party application in your phone, IOS is crashed.”

Browsing the malicious websites with Google Chrome for Windows:

[Image: iOS crash message 3]

“Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)” explained experts at F-Secure.
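The loop-breaking behaviour described in the quote above can be modelled as a guard that wraps the dialog functions and mutes the page once it opens too many dialogs in a short time. This is an added illustration, not code from the article, from F-Secure or from any browser; `installDialogGuard`, its options, the fake window object and the fake clock are assumptions constructed so the example runs under Node.

```javascript
// Added illustration (not browser source): cap the dialogs a page may open.
// installDialogGuard, maxDialogs and windowMs are hypothetical names.
function installDialogGuard(win, { maxDialogs = 2, windowMs = 10000, now = Date.now } = {}) {
  const state = { shown: 0, suppressed: 0, blocked: false, recent: [] };
  // Values a script receives when a dialog is not shown.
  const whenSuppressed = { alert: undefined, confirm: false, prompt: null };
  for (const name of Object.keys(whenSuppressed)) {
    const original = win[name].bind(win);
    win[name] = (...args) => {
      const t = now();
      // Keep only dialogs opened inside the sliding window.
      state.recent = state.recent.filter((ts) => t - ts < windowMs);
      if (state.blocked || state.recent.length >= maxDialogs) {
        state.blocked = true; // sticky: the page stays muted once it trips the limit
        state.suppressed += 1;
        return whenSuppressed[name];
      }
      state.recent.push(t);
      state.shown += 1;
      return original(...args);
    };
  }
  return state;
}

// Constructed stand-in for a page that re-opens its warning after every dismissal.
function simulateRespawningPage(attempts) {
  const displayed = [];
  const fakeWindow = {
    alert: (msg) => { displayed.push(msg); },
    confirm: () => true,
    prompt: () => "",
  };
  let clock = 0; // fake clock in milliseconds
  const state = installDialogGuard(fakeWindow, { now: () => clock });
  for (let i = 0; i < attempts; i++) {
    clock += 500; // dialog dismissed, script re-opens it half a second later
    fakeWindow.alert("Warning!! iOS Crash Report!!");
  }
  return { displayed: displayed.length, suppressed: state.suppressed, blocked: state.blocked };
}

console.log(simulateRespawningPage(50));
```

Dialogs spaced further apart than `windowMs` never trip the limit, so a site that shows an occasional legitimate prompt is unaffected.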

Please spread this news; awareness of the scam could limit the effectiveness of the fraudsters’ actions. As usual, let me suggest that you never give iCloud credentials or financial information over the phone, and never dial a number given in such a warning.

Victims of this scam should report it to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk.

Pierluigi Paganini

(Security Affairs – iOS crash warnings, Apple)


