A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals’ Apple IDs in a “phishing” campaign, security software company Symantec reported on Monday.
Phishing campaign details
Cybercriminals are sending text messages to iPhone users in the U.S. that appear to be from Apple but are attempting to steal personal credentials. Symantec noted, “Phishing actors continue to target Apple IDs due to their widespread use, offering access to a vast pool of potential victims.” These credentials can provide control over devices, access to personal and financial information, and unauthorized purchases.
The scam mechanics
The malicious SMS messages mimic Apple’s communications, urging recipients to click a link and sign in to their iCloud accounts. For instance, a phishing text might read: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.” Recipients are then directed to a fake iCloud login page after completing a CAPTCHA challenge to appear legitimate.
This type of cyberattack is known as a “smishing” scheme, where criminals use fake text messages from reputed organizations to lure people into sharing personal information, such as account passwords and credit card data.
How to protect your
- Verify Message Source: Be cautious about opening any text messages that appear to be from Apple. Always check the source; if it’s from a random phone number, it’s likely not Apple.
- Avoid Clicking Links: Instead of clicking links in texts, go directly to the official login pages.
- Enable Two-Factor Authentication: This adds an extra layer of security to your Apple ID, ensuring that only you can access your account.
Apple emphasized, “If you’re suspicious about an unexpected message, call, or request for personal information, presume it’s a scam and contact the company directly.”
Apple also stated that their support representatives will never send users a link to a website asking them to sign in or provide passwords, device passcodes, or two-factor authentication codes. If someone claiming to be from Apple asks for these, they are a scammer.
The Federal Trade Commission recommends setting up your computer and mobile phone to update security software automatically to safeguard against such threats.