Cybercriminals are sending text messages to iPhone users in the US that appear to be from Apple, but are actually an attempt to steal victims’ personal identification information.
“Phishing actors continue to target Apple IDs because of their widespread use, which provides access to a large pool of potential victims. These credentials are highly valuable, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases,” security software company Symantec said in a statement.
Symantec, which is owned by semiconductor and infrastructure software maker Broadcom, warned that consumers are also more likely to trust communications that appear to come from a trusted brand such as Apple.
Malicious SMS messages appear to come from Apple, encouraging recipients to click on a link and sign in to their iCloud account. For example, a phishing text might say: “Apple important iCloud request: To continue using your services, visit signin(.)authen-connexion(.)info/icloud.” Recipients are also asked to complete a CAPTCHA challenge to appear legitimate before being redirected to a fake iCloud login page.
These types of cyberattacks are called “smishing” schemes, where criminals use fake text messages from supposedly reputable organizations instead of email to convince people to share personal information such as account passwords and credit card data.
How can you protect yourself?
Experts advise caution when opening text messages that appear to be from Apple. Always check the source of the message. If it’s from a random phone number, the chances of the sender being the iPhone manufacturer are slim to none.
iPhone users should also avoid clicking on links that invite people to access their iCloud accounts; instead, go directly to login pages.
Apple always urges users to enable two-factor authentication for their Apple ID to provide extra security and make it harder for someone else to access your account from another device. Apple says it’s “designed to make sure you’re the only one who can access your account.”
Experts also recommend setting the computer and mobile phone security software to update automatically.
