Apple + Recommended + Security & Privacy

iOS Crash Report? Don’t Be Fooled by iPhone/iPad Scammers

Posted on by


Have you had an unusual error message popping up on your iPhone or iPad?

Keep your wits about you, because it’s possible that scammers are attempting to trick you out of your money, by posing as Apple tech support.

iPhone and iPad owners are being warned not to fall for a scam being perpetrated against iOS users that could hit them in the pocket.

As British broadsheet The Telegraph reports today, scammers have been displaying bogus error messages on potential victims’ iDevices — fraudulently posing as Apple’s technical support team.

The messages attempt to trick iPhone and iPad users into calling a phone number, where they will inevitably be asked to pay to have their precious devices fixed.

A typical message reads as follows (I’ve removed the phone number):

**** IOS Crash Report ****

IOS crashed previously due to unwanted websites visit. There is a problem with the configuration of your IOS. Please call Apple Technical Support at 0800-XXX-XXXX. Click on OK this will attempt to send a crash report to Apple. Call now Apple 0800-XXX-XXXX.

Although The Telegraph is reporting on the scam hitting users in the United Kingdom, a quick search of the Internet reveals that iOS users in North America have been troubled by the fraudsters since at least last September.

According to reports on the Apple Support forum, if the message does scare you into calling the number displayed, a “technician” may attempt to convince you that a third-party app has caused your iPhone or iPad to crash, and encourage you to tell them your credit card details to receive a fix.

In short, this scam appears to be an evolution of the “Microsoft Tech Support scam” where unauthorised parties posing as Microsoft phone computer users up out of the blue, and try to convince them that their (typically) Windows computer is infected with malware. The elderly and vulnerable are most likely to become victims, often handing over their payment card details or allowing the “tech support staff” to remotely log into the computer whereupon they can install malware.

The bogus iOS Crash Report message is a little different as it’s *you* who calls the scammer, rather than them initially calling you. But the call is prompted by the message popping up while potential victims’ surf the web.

The fraudulent alert is appearing while users are surfing websites with Safari (the default browser bundled with iOS devices), and many victims have reported that the messages can be banished by following a simple procedure:

  1. Place the phone in Airplane mode.
  2. Go to Settings > Safari
  3. Click on Clear History and Website Data

Other users have reported that it helps to ensure that Block Pop-ups is enabled (also found under Settings > Safari).

Safari settings for disabling pop-ups

It’s good that the fix is relatively easy, but that’s only helpful if you know about it.

The risk is that many people may not be so tech-savvy, and may simply believe the seemingly helpful error message that has appeared on their smartphone’s screen and make the phone call.

You can do your bit to help the community by warning your friends and family about scams like this, and reminding them that a little skepticism — especially if they get so far as being asked to reach for a credit card — could be a good thing.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →