New cyberattack targets iPhone users, criminals try to obtain people’s Apple IDs in ‘phishing’ campaign, security software firm Symantec he said In Monday’s warning.
Cybercriminals are sending iPhone users in the US text messages that appear to be from Apple but are actually an attempt to steal victims’ personal information.
“Phishing actors continue to target Apple IDs due to their widespread use, which provides access to a wide pool of potential victims,” Symantec said. “These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases.”
Consumers are increasingly trusting communications from a trusted brand like Apple, warns Symantec, owned by semiconductor and infrastructure software maker Broadcom.
The malicious SMS messages come from Apple and encourage recipients to click on a link and access their iCloud accounts. For example, the phishing text might say: “Important Apple iCloud request: Sign in[.]auten-connection[.]info/icloud to continue using your services.” Buyers are asked to complete a CAPTCHA test to appear legitimate before being redirected to a fake iCloud login page.
Such cyberattacks are commonly referred to as “smashing” schemes, in which criminals use fake text messages from purportedly reputable organizations rather than email to trick people into sharing personal information such as account passwords and credit card information.
How to protect yourself
Be careful when opening any text messages that appear to be from Apple. Always check the source of the message — if it’s from a random phone number, it’s almost as if the iPhone manufacturer wasn’t the sender. iPhone users should also avoid clicking on links that invite people to log into their iCloud accounts; instead, go directly to the login pages.
“If you suspect an unexpected message, call or request for personal information such as your email address, phone number, password, security code or money, it’s safer to assume it’s a scam – if you want to know about it, contact the company directly. you should,” said Apple post about avoiding scams.
Apple always prompts users to activate two-factor authentication for Apple ID for added security and to make it harder to access your account from another device. It’s “designed to make sure you’re the only person who can access your account,” Apple said.
Apple adds that its support representatives will never send users a link to a website or ask them to log in or provide a password, device passcode, or two-factor authentication code.
“If someone claiming to be from Apple asks you to do any of the above, they are a scammer engaging in a social engineering attack. End the call or otherwise discontinue contact with them,” the company said. he said.
So does the Federal Trade Commission recommends set your computer and mobile phone to automatically update security software.