
A good social engineering attack knows more about me than I do. They know my first pet, my mother's maiden name, and where all my banking records are. Lots of ways of getting that. Notice - the call was because the guy's _phone_ was inoperable. A call back could go to a burner, and Apple would be none the wiser.

Very few, if any, defenses against social engineering, other than (A) Not allowing it, or (B) Requiring a Notarized-registered-letter of identification to start the process.

I'm a fan of using Notaries for password resets. Particularly to my email account, as it's the most valuable thing I own. Double-notarize in the event of two-factor resets. Make it a HUGE burden. Lock me out of email for a week or two if required, but don't give anyone access to my email.


