An urgent warning has been issued to the 1.46 billion iPhone users after technology experts discovered a new cyber attack targeting Apple IDs.
Malicious actors are using SMS phishing campaigns that send messages claiming to be from Apple and urging users to visit a link to an “important request” about iCloud.
California-based security firm Symantec discovered the attack this month and warned that the links lead to fake websites urging users to provide their Apple ID information.
Apple has set guidelines for such attacks, urging iPhone owners to use two-factor authentication that requires a password and a six-digit verification code to access their account from an external device.
‘These credentials are extremely valuable as they provide control over devices, access to personal and financial information, and potential revenue through unauthorized purchases,’ Symantec shared on its website.
‘In addition, Apple’s strong brand reputation makes users more susceptible to trusting misleading communications that appear to come from Apple, further increasing the attractiveness of these targets for cybercriminals.’
The company posted the warning on July 2, noting that it observed a malicious SMS circulating that read: “Important request from Apple for iCloud: Please visit signin(.)authen-connexion(.)info/icloud to continue using their services.”
Symantec discovered that hackers added a CAPTCHA to the fake website to make it look legitimate.
Once completed, it takes users to an outdated iCloud login template.
Apple noted on its support page that scammers may also ask iPhone users to disable features such as two-factor authentication or stolen device protection.
“They will claim this is necessary to help stop an attack or to allow you to regain control of your account,” the tech giant shared.
‘However, they are trying to trick you into lowering your security so they can carry out their own attack.
‘Apple will never ask you to turn off any security features on your device or in your account.’
There are ways to identify fraud, and a clear indication is the link that appears in the text.
While the message may seem credible, the URL will not match Apple’s website.
The tech giant also shared that hackers often send texts that look significantly different from the company’s standard messages.
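The link check described above can be automated. The following is an added example, not code from Symantec or Apple: it extracts links from a message (including defanged ones such as the indicator quoted in the article) and flags any whose host is not under a trusted domain. The trusted-domain list and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuinely Apple's.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}

# Host with optional scheme and path; tolerates defanged dots "(.)" and "[.]".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+(?:\(\.\)|\[\.\]|\.))+[a-z]{2,}(?:/\S*)?",
    re.IGNORECASE,
)

def refang(text):
    """Turn a defanged indicator back into a parseable URL string."""
    return text.replace("(.)", ".").replace("[.]", ".")

def host_of(url):
    """Return the lower-cased hostname, adding a scheme if the text had none."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it.

    Matching on the end of the host, with a leading dot, rejects lookalikes
    that merely contain the brand name, e.g. 'apple.com.account-verify.example'.
    """
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(message):
    """Return (url, host) for every link whose host is not under a trusted domain."""
    found = []
    for match in URL_RE.finditer(message):
        url = refang(match.group(0)).rstrip(".,;:!?)")
        host = host_of(url)
        if host and not is_trusted(host):
            found.append((url, host))
    return found

if __name__ == "__main__":
    # SMS text as quoted in the article.
    sms = ("Important request from Apple for iCloud: Please visit "
           "signin(.)authen-connexion(.)info/icloud to continue using their services.")
    for url, host in suspicious_links(sms):
        print(f"link does not belong to Apple: {host} ({url})")
```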
Scams aren’t limited to impersonating Apple either, as many users have reported text messages claiming to be from Netflix, Amazon and other well-known companies.
These fake messages claimed that users’ accounts were frozen or credit cards had expired, prompting them to click on a link requesting personal or bank account information.
“If you receive a text message you weren’t expecting that asks for personal or financial information, don’t click on any links,” the Federal Trade Commission warned.
‘Legitimate companies won’t ask you for your account information via text message.’
‘If you think the message may be real, contact the company using a phone number or website you know is real. Do not use the information in the text message.’