An iPhone user on TikTok says he was targeted by hackers posing as Apple this week as part of a high-level scam.
TikTok user Jon Rettinger explained in a video posted on Sunday how he began receiving alerts indicating that someone was attempting to reset his password.
“That seemed weird,” he explained. “So I went and changed my AppleID password from my iPhone just for an extra layer of protection.”
This is nuts. Stay vigilante.
But just two minutes later, Rettinger says he received a phone call that appeared to be coming directly from Apple.
“The caller ID said Apple,” he noted.
The individual on the phone told Rettinger that they had detected the two password reset attempts as well as the actual password reset and were concerned about potential fraud.
Rettinger, who lives in California, says the caller further alleged that the password reset attempts had been made by someone in Canada.
The caller then proceeded to ask the TikToker to enroll in an “Advanced Protection” program allegedly offered by Apple. Although Rettinger began to suspect something was amiss, the caller said the program would freeze his Apple account to ensure no further password reset attempts could be made.
But Rettinger says that is when the “red lights” began to go off in his head. The caller claimed that in order to enroll him in the program, the TikToker would have to read off a two-factor authentication code sent to his phone.
After Rettinger began to protest, the caller quickly hung up the phone.
“So this scam is going on,” he said. “This was pretty advanced. Caller ID said Apple and everything. Be on the lookout for it. Apple if you are watching, fix this.”
Rettinger’s TikTok video has since racked up well over 1.4 million views and more than 3,000 comments.
While further details haven’t been made available, the scammers, who likely used caller ID spoofing software, were almost certainly attempting to get the TikToker to read off a two-factor authentication code that would allow them to reset Rettinger’s password and access his account.
The Daily Dot reached out to Rettinger for comment but did not hear back by press time.
Countless users flooded the comments with recollections of similar experiences as well as advice for other Apple customers.
“As an Apple Sr. Advisor, Apple never calls customer for Apple ID issues,” one commenter wrote.
Another user noted that they too had been targeted by the scam despite not even owning an iPhone.
“I love it when ‘Apple’ contacts me about my iPhone and I have a Galaxy,” they wrote. “Sure, seems legit.”
Others defended Apple against Rettinger’s request that the issue be fixed, noting that the issue is out of the company’s hands.
“It’s not an Apple problem, it’s an FCC and Telecom problem to fix,” one user said.
The Daily Dot emailed Apple’s public relations department to inquire about the scam but did not receive a reply.
The story highlights the importance not only of using unique passwords for every online service, which can be safely stored in a password manager, but also of enabling two-factor authentication when offered.
For further reading, check out the Daily Dot’s guide to protecting your private information online.
First Published: Sep 9, 2022, 1:35 pm CDT
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.