The top-of-the-line iPhones are incredibly popular devices, making Apple fans prime targets for scammers and fraudsters. Falling victim can cost you your Apple ID (now called Apple Account), money, and more.
That’s perfectly illustrated by a new attack that uses text messages to steal your Apple ID—and all the data it contains. Broadcom first noted that the attack involves “a threat actor distributing malicious text messages in the United States.” The attack—known as “smishing”—tells recipients they need to sign in to iCloud to “continue using your services.” You’re then redirected to a fake website that imitates the real iCloud site. When users log in, their usernames and passwords are stolen.
Apple is well aware of the threats to its customers, and the company has just published a series of tips and advice on how to avoid falling victim to malicious scammers. In a new post on the company’s support website, Apple explains what social engineering scams are, including phishing text messages of the type identified by Broadcom, as well as fraudulent calls pretending to be from support agents. The post also includes a wide range of tips and advice on how to avoid falling for scammers and losing important information that could be misused by malicious actors.
If you’re concerned about the incident Broadcom noticed, Apple has some important advice: “If you’re suspicious of an unexpected message, phone call, or request for personal information, such as your email address, phone number, password, security code, or money, it’s safer to assume it’s a scam. If necessary, contact the company directly.” Caution can mean the difference between safety and a scam.
How do you stay safe?
Phishing is a common tactic that usually involves tricking you into believing that a scammer is a legitimate representative of a company, with the goal of tricking you into giving up important private information. For example, the scammer might send you an email asking you to claim a (fake) prize, or call you pretending to be from Apple Support and asking you to provide your account password.
Social engineering scams usually revolve around two things: trust and urgency. The scammer wants you to believe that they are trustworthy, so that you feel comfortable giving them money or important login details. They also want you to feel rushed, so that you don’t have time to think about whether you are being taken advantage of.
With that in mind, Apple’s article provides information on what you can do to protect yourself and how to report a scam attempt, whether it was successful or not. For example, Apple says that if a scammer’s email isn’t sent from the company’s web address it claims to be from, it’s likely fraudulent. You can mark suspicious messages and calendar invites as spam, report scam calls to the FTC, and block unwanted callers on your phone. Apple’s guide also provides a list of official Apple email addresses you can contact to report various types of scams.
The important thing is that if you think your Apple ID (or other account) has been compromised, you should change your password as soon as possible to lock out the fraudsters. Secondly, the Have I been hacked? website lets you enter your email address to see if it has been compromised, and it can be used hand-in-hand with Apple’s advice. Follow these tips and you’ll have a better chance of staying safe and beating the scammers.