Apple has issued a cautionary alert to iPhone and iPad users, advising them to exercise vigilance when receiving unexpected FaceTime calls. This advisory comes amid a surge in social engineering scams, where cybercriminals pose as financial institutions or Apple Support to gain access to personal credentials and bank accounts.
FaceTime Utilized in Deceptive Bank Scams
According to research by Malwarebytes, scammers are leveraging FaceTime calls to exploit victims’ trust through live video interactions, a departure from traditional phishing techniques. The scam begins with an alarming text about fictitious account problems, followed by an unsolicited FaceTime call.
During the call, the scammers employ a scripted approach: they create a sense of urgency by claiming unauthorized activity or technical issues with the account, pressuring the victim to verify financial or Apple ID information. In more sophisticated cases, victims are instructed to install remote access tools or share multi-factor authentication codes.
Growing Threat of Multichannel Social Engineering
The use of FaceTime for these scams underscores a growing trend in multichannel social engineering, where attackers exploit trusted communication methods to bypass traditional defenses. Malwarebytes researchers highlight that these scams are increasingly part of multi-stage attacks, combining stolen credentials with browser vulnerabilities to execute malicious software.
This tactic allows attackers to escalate their access from basic app-level breaches to full system control. Campaigns like DarkSword demonstrate the potential for these methods to exploit outdated devices, capitalizing on delayed security updates.
Steps to Protect Against FaceTime Scams
To combat FaceTime-related fraud, users and organizations are encouraged to adopt stringent security practices. These include verifying communications through official channels, ensuring iOS and iPadOS are up to date, utilizing mobile anti-malware software, and reporting scams to Apple.
Financial institutions and Apple do not use FaceTime for urgent security communications or payment recovery. If prompted for immediate credential verification or screen sharing during a call, users should disconnect and verify their accounts through secure, verified methods.
Strengthening security operations centers with advanced threat detection tools is crucial in mitigating these risks and ensuring rapid response to emerging threats.
