Tech experts have issued an urgent warning to iPhone users after uncovering a new cyberattack targeting Apple IDs. The attack employs SMS phishing techniques, impersonating Apple and luring users into divulging their Apple ID credentials.
How was the scam discovered?
Symantec, a California-based security firm, discovered this scam earlier this month. The malicious messages claim to be from Apple and prompt users to visit a link regarding an “important request” about their iCloud account. These links direct users to fake websites designed to steal their Apple ID information.
Apple has reiterated the importance of using two-factor authentication (2FA) for account security. This method requires a password and a six-digit verification code to access accounts from new devices, providing an additional layer of protection.
Symantec highlighted the high value of Apple ID credentials, noting they grant access to devices, personal and financial information, and can be exploited for unauthorized purchases. The firm’s website emphasized the appeal of Apple’s strong brand reputation, which can lead users to trust deceptive communications.
The warning from Symantec came after the firm observed a malicious SMS message: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/iCloud to continue using your services.” The scammers even added CAPTCHA to the site to enhance its legitimacy. Completing the CAPTCHA leads to an outdated iCloud login page, where users are tricked into entering their Apple ID credentials.
How can you identify and avoid these scams?
Apple’s support page advises users to be wary of any requests to disable security features such as two-factor authentication or Stolen Device Protection. The company clarified that it would never ask users to disable these protections, warning that such requests are attempts by scammers to lower security defenses.
There are ways to identify fraud:
- Mismatch in URL: The link in the text will not match Apple’s official website.
- Unusual Appearance: The fraudulent messages often look different from standard Apple communications.
Phishing scams are not limited to Apple
Moreover, these scams are not limited to impersonating Apple. Many users have reported receiving text messages claiming to be from Netflix, Amazon, and other well-known companies. These fraudulent messages typically state that users’ accounts have been frozen or that their credit cards have expired, prompting them to click a link that asks for personal or financial information.
The Federal Trade Commission (FTC) has also issued a warning: “If you get a text message you weren’t expecting and it asks you to give some personal or financial information, don’t click on any links. Legitimate companies won’t ask for information about your account by text. If you think the message might be real, contact the company using a phone number or website you know is real. Not the information in the text message.”
This cyberattack underscores the importance of vigilance among iPhone users. By adhering to security guidelines and being cautious of suspicious communications, users can protect their personal information from cybercriminals.
Featured Image courtesy of Pixabay