A Day in the Life of a Prolific Voice Phishing Crew – Krebs on Security

Voice phishing gangs are weaponizing Apple and Google's own infrastructure to make scam calls indistinguishable from real support—spoofing numbers to trigger legitimate Apple notifications and using Google Assistant to initiate contact, all while operating as organized criminal enterprises with defined roles and profit-sharing agreements.

• Scammers spoof victim phone numbers to call Apple's support line (800-275-2273), triggering real Apple Account Confirmation prompts that make victims believe they're talking to Apple
• Operations run like businesses: 4-person teams on Discord (Caller, Operator, Drainer, Owner) screen-sharing during attacks, with 10% panel rental fees and predetermined profit splits
• "Autodoxers" automate victim research by pulling SSNs, addresses, and property values from hacked data broker accounts, then sort targets by wealth
• Social engineering scripts abuse legitimate services—like signing victims up for Coinbase newsletters—to prove they can send emails from trusted domains
• Groups constantly implode from "snaking" (internal theft), but criminals fear each other more than police, so they operate openly on Telegram/Discord despite the risk

A leaked insider view from a disgruntled scammer reveals how voice phishing gangs exploit legitimate Apple and Google infrastructure to make their attacks nearly undetectable. The key technical trick: spoofing a victim's phone number to call Apple's automated support line, which then sends genuine Apple Account Confirmation prompts to all the victim's devices—making targets believe they're really talking to Apple support. Google Assistant is similarly abused to initiate two-way AI conversations with targets.

These operations function as organized criminal enterprises with specialized roles coordinated via Discord screen-sharing. The Caller handles social engineering, the Operator manages the phishing panel (moving victims through fake pages), the Drainer empties compromised accounts, and the Owner (like "Perm," who runs the Star Fraud community) takes a 10% cut of all thefts. They use "autodoxers"—bots that query hacked data broker accounts—to pull full victim profiles including SSNs and property values, then sort target lists by wealth. Their phishing panels stay offline except during active attacks and use CAPTCHAs to avoid security scanning.

The social engineering playbook includes clever trust-building techniques like signing victims up for Coinbase's public newsletter to "prove" they can send emails from coinbase.com. High-profile victims include Mark Cuban, who lost $43k after falling for the scam while rushing between Shark Tank pitches. Despite operating openly on Telegram and Discord, these groups persist because internal theft ("snaking") is so common that criminals prioritize reputation systems to protect against each other over operational security against law enforcement.