Apple has issued new guidelines for all iPhone users to protect themselves following a cyberattack targeting more than a billion devices last week.
The company warned users that hackers are using social engineering tactics, such as impersonating company representatives, to access personal data such as login credentials, security codes and financial information.
Users should beware of phishing emails that trick them into sharing information or handing over money, as well as fraudulent pop-up ads, fake promotions, unwanted calendar invitations, and fake calls.
As a first step, if they don’t have it enabled already, iPhone owners should set up two-factor authentication, which requires a password and a six-digit verification code to access their account from an external device.
Apple is urging users to be wary of receiving spoofed calls from a seemingly legitimate phone number that is actually a malicious actor trying to steal your information.
They may try to build a relationship to gain your trust and will mention personal information about your account, such as your home address, place of work, or even your Social Security number.
This scammer will likely claim that there is an issue with the account and that someone made unauthorized charges using Apple Pay and will make it seem urgent so that the user feels pressured to resolve the situation immediately.
“Spoofed calls typically work to create a strong sense of urgency to avoid giving you time to think and discourage you from contacting Apple directly,” Apple warned.
“For example, the scammer may say that you are free to call Apple again, but the fraudulent activities will continue and you will be held liable. This is false and designed to prevent you from hanging up.”
Apple noted on its support page that scammers may also ask iPhone users to disable features such as two-factor authentication or stolen device protection.
“They will claim this is necessary to help stop an attack or to allow you to regain control of your account,” the tech giant shared.
“However, they are trying to trick you into lowering your security so they can carry out their own attack.”
The company said there are ways to identify fraudulent emails and messages to avoid being tricked into disclosing your personal information.
First, users should check whether the sender’s email address or phone number matches the company name, and whether the email address the sender used to contact them differs from the one listed on their account.
Other methods include checking whether the URL link they sent matches Apple’s website, whether the message looks different from others you’ve received from the company, and whether it asks for personal information such as an account password or credit card number.
The urgency scammers build around supposed unauthorized Apple Pay charges creates a situation that allows the bad actor to gain access to important personal and financial information.
If a user receives a suspicious call, they should immediately hang up and call Apple directly to verify the notice they received. They can also report the fraudulent phone calls to the U.S. Federal Trade Commission or local law enforcement agencies.
Apple’s warning comes just a week after scammers used SMS phishing campaigns that sent iPhone users fake messages telling them to visit a link to an “important request” about iCloud.
California-based security firm Symantec discovered the attack this month and warned that the links lead to fake websites urging users to provide their Apple ID information.
The company posted the warning on July 2, noting that it observed a malicious SMS circulating that read: “Important request from Apple for iCloud: Please visit signin(.)authen-connexion(.)info/icloud to continue using their services.”
Symantec reported that hackers added a CAPTCHA to the fake website to make it look legitimate, and once completed, it would take users to an outdated iCloud login template.
“Phishing actors continue to target Apple IDs due to their widespread use, which provides access to a wide pool of potential victims,” Symantec said in an alert last week.
“These credentials are highly valued as they provide control over devices, access to personal and financial information and potential revenue through unauthorized purchases.”
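The link check described above, applied to the SMS Symantec quoted, as an added example that is not code from Apple or Symantec. The list of domains treated as Apple's (`apple.com`, `icloud.com`) and the constructed sample messages are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Assumption of this example: the domains treated as Apple's own.
APPLE_DOMAINS = ("apple.com", "icloud.com")

# Optional scheme, optional userinfo ("user@"), dotted host, optional port and path.
LINK_RE = re.compile(
    r"(?:https?://)?(?:[\w.-]+@)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?(?:/\S*)?",
    re.IGNORECASE,
)


def refang(text):
    """Undo the defanging used in security alerts: (.) or [.] -> ., hxxp -> http."""
    text = text.replace("(.)", ".").replace("[.]", ".")
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)


def is_apple_host(host):
    """True only when host is an Apple domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def check_links(message):
    """Return (host, is_apple) for every link found in a message."""
    results = []
    for match in LINK_RE.finditer(refang(message)):
        link = match.group(0)
        if not link.lower().startswith(("http://", "https://")):
            link = "https://" + link
        # urlsplit drops any "user@" prefix, so the real host is what gets judged.
        host = urlsplit(link).hostname or ""
        results.append((host, is_apple_host(host)))
    return results


# First entry: the SMS text quoted on this page. The rest are constructed samples.
SAMPLES = [
    "Important request from Apple for iCloud: Please visit "
    "signin(.)authen-connexion(.)info/icloud to continue using their services.",
    "Find your device at https://www.icloud.com/find",
    "Your Apple ID is locked: https://apple.com.account-check.example/login",
    "Verify at https://apple.com@login.example/",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(check_links(sms))
```

The comparison is made on the end of the host name, so a link that merely begins with or contains "apple.com" is still reported as not Apple's.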
Apple clarified that its support representatives would never send users to a website link to log in or ask them to provide their device password or two-factor authentication code.
“If someone claiming to be from Apple asks you for any of the things mentioned above, they are a scammer performing a social engineering attack. Hang up or end contact with them,” Apple said.