Again I am going in to the realm of conjecture here over a little post, but maybe they had loads of information on Apple users from a data breach and this is how they were capitalising on them.

I’m just speculating but maybe they (scammers) filled out a fraudulent activity form on the Apple site on behalf of the victim and then called before an Apple rep did.

We work as software engineers and my colleague works on a particular application for one of our clients and I shit you not the following happens regularly.

• Colleague emails client with a change log for the latest publish.
• Client prints off the email and annotates it with a pen.
• Takes a photo of the printed out email.
• Attaches it to his reply.