Emerging Social Engineering Attack – FaceTime

What do social engineering and FaceTime have in common? Identity.

How do most people identify you? Typically by looking at your face. Sure, it’s a quick glance but that is all it takes to know who you are. Humans are made to search for faces by default and an instant level of trust is established with a familiar face. There is a new scam going around specifically targeting iPhone users. An unknown number calls you using FaceTime. Decline the call, they call right back. Decline it again, the same thing. Then the text messages start, hey sorry! (insert smoochy face, purple devil, kiss, random emoji) I just need to ask you a quick question. If you answer, someone on the other end says they are having trouble with their camera and to hold on. Your face and surroundings, however, are in clear view. They spend the next couple of seconds “fumbling” around and then the call ends. What just happened? Your face and phone number are now captured by an attacker. Various things may happen depending on what they think they can use. A new Facebook account with your likeness, twitter account, or perhaps an email phish with your face as the sender? Scary stuff. I am sure like me, you are thinking, well can’t they get my profile picture from XYZ social site anyways? I am sure they have it already. But now instead of a single picture, they have more. This is what we call building credibility.

Be on alert for FaceTime video requests from unknown numbers. Block the number as the first line of defense.

Leave a Reply

Your email address will not be published. Required fields are marked *