RE: https://mastodon.social/@jagsworkshop/116288326042688247

The first rule of Apple support: Apple will never call you first.

Also: Use a password manager. If you inadvertently click a link that asks for your login credentials, and your password manager doesn’t fill them in, *proceed with caution*. It's not foolproof, but it’s a good backstop against fraudulent domains.
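An added illustration (not part of the original post, and not any real password manager's code) of why a missing autofill is a useful signal: the manager compares the page's actual host with the site the login was saved for, so a lookalike gets no match. The vault entry, the `autofillCandidate` name and the sample URLs are constructed assumptions.

```javascript
// Added example: simplified model of password-manager autofill matching.
// Real managers use the Public Suffix List and per-entry match rules; here the
// saved entry carries its base domain explicitly (an assumption for brevity).

// Constructed vault entry for illustration.
const VAULT = [
  { baseDomain: 'apple.com', username: 'dev@example.com' },
];

// Returns the username to offer for pageUrl, or null when nothing matches.
function autofillCandidate(pageUrl, vault = VAULT) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch (err) {
    return null; // not a parseable URL: never fill
  }
  // Never offer a saved login to a page loaded without TLS.
  if (page.protocol !== 'https:') return null;

  // URL parsing lowercases the host, converts non-ASCII labels to punycode
  // and separates any "user@" prefix, so only the real host is compared.
  const host = page.hostname;
  for (const entry of vault) {
    const d = entry.baseDomain;
    // Exact host, or a subdomain on a label boundary ("." + base domain).
    if (host === d || host.endsWith('.' + d)) return entry.username;
  }
  return null;
}

// Constructed sample URLs: one genuine host, then common lookalike shapes.
const SAMPLES = [
  'https://appleid.apple.com/sign-in',        // genuine subdomain
  'https://apple.com.signin.example/login',   // brand as a left-hand label
  'https://xapple.com/',                      // suffix match without a dot
  'https://apple.com@login.example/',         // brand in the userinfo part
  'https://\u0430pple.com/',                  // Cyrillic "а" homograph
  'http://appleid.apple.com/',                // right host, no TLS
];
for (const u of SAMPLES) {
  console.log(u, '->', autofillCandidate(u) ?? 'no autofill');
}
```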

@JasonAnthonyGuy I have gotten unexpected calls from Apple's developer relations, Apple's business manager team, Apple retail business and executive relations. I have also gotten calls from friends of friends at Apple. I always have something in flight, so I'm not sure if I could tell what "first" is.

@tperfitt Unexpected as in timing, or as in unrelated to something in flight?

(Importantly, I expect none of these calls are asking you to visit or click on a random link?)

What's your validation process when you get those calls?

@JasonAnthonyGuy Timing is also problematic. I have been told multiple times that someone from (app approval | MFI | business verification | etc) will be calling but it might be days or 2 weeks before they call. During that time, I could get a call that sounds related but is a scam.

Now that I think about it, getting a list of iOS app devs and calling them and saying that I am from app review about their app in review would probably be pretty successful.

@tperfitt I think if you start from the premise that “Apple will never call first,” you can go into a call with “Apple” with a heightened sense of skepticism that can help protect against being scammed.

And yeah, developers are a vulnerable cohort. I would expect someone from App Review (to use your example) to give enough context to make it clear they're legit, and those calls won't include being asked to log into a site they text or email.

Even so, we all have to be hyper-vigilant.

@JasonAnthonyGuy I used to think I was sophisticated enough and had a good spidey sense, but came very close to falling for a few scams.

@tperfitt I am extremely paranoid. I assume every call and email is an attempt to scam me.