it’s genuenly so amazing how people who have been on the internet for a long ass time can still be fooled by a phishing scam.
i saw this tweet here and it seriously had me so confused as to how someone can fall for this shit.
yeah man, your iphone was found and apple support is going to send you a text message from a shortcode with some random ass link that asks for the phone password. its so funny too because like everybody on twitter wants to farm engagements so they turn this tweet into a “learning” or “educational” tweet. its just milking it at this point. as quoted from the tweet “Now their phishing attack is right on point because they have designed their website, even URL at such precision that anybody can get fooled and put their Lockscreen password.”
name a single time apple has asked anybody for their phones pin as a means of verification that you own the device. phone pins are stored locally and are put in a place completely isolated from the other components on a device. apple calls it the “secure enclave”, the pin is just stored in encrypted memory.
It’s seperated from the main CPU giving it it’s own security features, etc etc, read apples blog about it here
all in all apple isnt going to ask for your iphone pin, their normal means of verification is asking for your apple id login, then asking for the pin that appears on the phone itself.
in his tweet they actually fell for this scam, saying “Even Tech People can get Fooled”. no fucking way any tech person actually falls for some stupid shit like this. he talks about how he input fake passwords and usernames so when it shows up on their end and gets logged its just vulgar words, and that after many failed login attempts it supposedly revealed the location of the phone. you got these supposed tech gurus on social media who want to flex their knowledge, like he took a blatantly obvious phishing scam and made a 11 post thread about it. of course there are some people who are tech illiterate and are like “wow this is so cool” but no, if you fall for phishing scams, you deserve it, its natural selection.
imagine i email you randomly from a random email address that you have not seen before, and it just goes “Dear (your name) Your phone is now compromised and we must verify the owner still has posession, please visit this link” and the link is some bullshit like https://applelogin-secureserver-.co
are you going to click it? NO, YOU AREN’T
everybody thinks these phishing scams are so revoluionary, like how discord scams are like “scan this QR code for free nitro” and your phone will tell you that this is going to log you into another location, yet people still fall for it.
You're acting like this is a gotcha but the scammer is laughing at you whilst you pretend like you have some power over him. The only one getting fucked in this ass here is you
— Green (@AeroGain) April 21, 2024
at least i found one competent user in his replies (i hardly looked) but this guy is right. the brain rot from scrolling through the original posters feed is horrible. scammers dont want your login to steal your data 99% of the time when your phone is stolen, they just want to remove it from find my iphone so they can sell it as a working phone instead of for parts, which is what normally ends up happening because as long as a phone has been connected to an apple id once, it is tied to that account and cant be used until its removed.
there is no reason a “tech bro” should be falling for some stupid shit like this, and yes i know this post is mainly just me shitting on someone random, but they kinda deserve it. cant go a week without seeing some thread about “security breach!!!! new scam method!!!!” and its just “hey give me your credentials without proper verification”
i wonder how many people fall for those crypto support bots that automatically reply to tweets, or those fake youtube livestreams where someone pretends they’re elon musk doubling crypro, it reminds me of a time a while back when someone hacked over 100 popular twitter accounts including kanye and apple pushing some crypto doubling, send me x amount and i double it scam. do people just think big corperations randomly decide “ok now we’re apart of the crypto space”. the guy who did that scam apperently made around 100k from it before being arrested. maybe it’s desperation that gets to people, where their emotions overpower logic and they just fall victim to the most basic “attacks”
another pretty funny one is the phishing scam where i cant really tell what the goal of it is other than to use your number to log into telegram. people get these texts from random numbers saying “hey its x dont you remember me!” and “wow im so sorry let me send you a gift for accidentally texting your number”
bitch i dont want your gift.
things in this world, as we know it, ARE NOT FREE, NOTHING IS FREE, NOTHING IS THAT EASY.
if you’re an old person sure, i get it, you fall for the scam you get a pass SOMETIMES. notice patterns in social media behavior and you can easily tell when someone had their account stolen (or if they suddenly become interested in crypto) but we really don’t need all these people posting about phishing scams, unless someone pulls some high profile state level threat actor shit like the xz backdoor incident that happened not too long ago. something super sophistocated 4D chess type shit. awareness for hacked accounts make sense, but there just needs to be some sense of literacy when it comes to being online. no matter how many times corperations say they wont text you or ask for your login information, people still do it anyway.