A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals' Apple IDs in a “phishing” campaign, security software company Symantec reports. said in a warning on Monday.
Cybercriminals are sending text messages to iPhone users in the US that appear to come from Apple, but are in fact intended to steal victims' personal data.
“Phishing actors continue to target Apple IDs due to their widespread use, which provides access to a large number of potential victims,” Symantec said. “These credentials are highly valuable, offering control over devices, access to personal and financial information, and potential revenue through unauthorized purchases.”
Consumers are also more likely to trust communications that appear to come from a trusted brand like Apple, warned Symantec, which is owned by Broadcom, a maker of semiconductors and infrastructure software.
The malicious text messages appear to come from Apple and encourage recipients to click a link and sign in to their iCloud accounts. For example, a phishing text message might say: “Apple important iCloud request: visit to sign in[.]authenticate connection[.]info/icloud to continue using your services.” Recipients are also asked to complete a CAPTCHA to appear legitimate, before being taken to a fake iCloud login page.
Such cyberattacks are often called “smishing,” where criminals use fake text messages from supposedly trustworthy organizations instead of email to trick people into sharing personal information, such as account passwords and credit card details.
How to Protect Yourself
Be careful when opening text messages that appear to be sent by Apple. Always check the source of the message: if it comes from a random phone number, the iPhone maker is almost certainly not the sender. iPhone users should also avoid clicking on links that invite people to access their iCloud account; instead, go directly to login pages.
“If you're suspicious about an unexpected message, phone call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safer to assume it's a scam. If necessary, contact the company directly,” Apple said in a statement after about avoiding scams.
Apple urges users to always multi-factor authentication for Apple ID for added security and to make it harder to access your account from another device. It's “designed to help ensure that you're the only person who can access your account,” Apple said.
Apple adds that its own support staff will never send users a link to a website asking them to sign in or enter your password, device passcode, or two-factor authentication code.
“If someone claiming to be from Apple asks you for any of the above, they are a scammer engaged in a social engineering attack. Hang up the call or otherwise end contact with them,” the company said. said.
Other tips to prevent smishing fraud, according to the government watchdogs:
- Set your computer and mobile phone to automatically update security software
- Never click on links, never respond to text messages, and never call unknown phone numbers.
- Never respond to unknown text messages, even if you are asked to text “STOP” to end the messages.
- Remove suspicious texts
- If you receive a text message that appears to be from a company or government agency, check your account or go online to verify the contact information
The key to safety: “Stop before you react and avoid the urge to react.” according to to the Federal Communications Commission.
