cognitive cybersecurity intelligence

News and Analysis

Search

Hackers Abuse FaceTime Calls to Impersonate Banks and Hijack Victims’ Accounts

Hackers Abuse FaceTime Calls to Impersonate Banks and Hijack Victims’ Accounts

Apple has issued a security advisory warning iPhone and iPad users to treat unexpected FaceTime calls with the same scrutiny as standard phishing emails.

A newly tracked wave of social engineering scams shows threat actors actively impersonating major financial institutions and “Apple Support” to steal personal credentials and drain victims’ bank accounts.

FaceTime Calls Abused to Impersonate Banks

According to Malwarebytes research, the scam functions by weaponizing human trust through real-time video validation rather than traditional text alerts.

Attackers initiate the fraud loop by sending urgent text notifications regarding fake account issues, immediately followed by an unsolicited FaceTime call. Once the victim answers, the threat actors deploy a highly calculated script:

Urgency Staging: The fraudster claims that immediate unauthorized activity or a critical technical failure has been identified on the account.

Credential Harvesting: They pressure the victim to verify debit or credit card details, online banking usernames, or Apple ID log-ins.

System Takeover: In advanced scenarios, they guide the victim into installing remote-access utility tools or sharing time-sensitive multi-factor authentication passcodes.

Because a real-time video call from a well-known brand naturally drops a user’s defensive boundaries, FaceTime serves as a highly effective pipeline for mass deception.

This development highlights a broader industry shift toward multichannel social engineering, where actors bypass traditional defenses by stealing iOS credentials through trusted interaction boundaries.

Beyond the immediate loss of banking access, Malwarebytes security researchers highlight that these social engineering operations are increasingly integrated into multi-stage attack paths.

Stolen credentials captured during an interactive call can be dynamically combined with active browser-side software flaws. If a victim is routed to a booby-trapped verification node, these browser bugs can silently execute malicious payloads on the host device.

This process allows threat actors to scale their privileges from standard app-level compromise straight to complete system takeover. High-profile campaigns like DarkSword function specifically via this methodology, emphasizing why lagging device updates represent a dangerous defensive liability.

Threat groups routinely rely on these delayed deployment windows to expand their initial access capabilities, similar to vectors identified during recent trends in iPhone phishing scams.

To mitigate the threat of interactive FaceTime fraud, users and enterprise defenders should enforce rigorous defensive practices immediately.

Recommended ActionOperational Defense VectorTarget Threat ElementVerify Outbound ChannelsContact institutions through official phone numbersNeutralizes spoofed audio or video linesApply Security UpdatesKeep iOS and iPadOS updated via system settingsCloses active browser-side execution gapsDeploy Endpoint GuardRun real-time mobile anti-malware solutionsBlocks automated connection pivotsReport Active ScamsEmail screenshots to reportfacetimefraud@apple.comExpands baseline indicator intelligence

Financial institutions and Apple technical groups do not use FaceTime to address urgent security issues or to perform manual payment recoveries.

If an unexpected notification or real-time call requires immediate credential input or screen-sharing, users should terminate the session and verify account metrics via a trusted secondary interface.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.
The post Hackers Abuse FaceTime Calls to Impersonate Banks and Hijack Victims’ Accounts appeared first on Cyber Security News.

Source: cybersecuritynews.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts