An urgent warning has been issued to all 1.46 billion iPhone users after tech experts discovered a new cyberattack targeting Apple IDs.
Malicious actors are using SMS phishing campaigns, sending messages that appear to come from Apple, urging users to click on a link that leads to an “important request” about iCloud.
California security firm Symantec discovered the attack this month and warned that the links lead to fake websites urging users to provide their Apple ID details.
Apple has issued guidelines for such an attack, urging iPhone owners to use two-factor authentication, which requires a password and a six-digit verification code to access their account from a remote device.
“These credentials are extremely valuable, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases,” Symantec said on its website.
“In addition, Apple’s strong brand reputation makes users more likely to believe misleading communications that appear to come from Apple, making these targets even more attractive to cybercriminals.”
The company issued the alert on July 2, noting that it had spotted a malicious text message circulating that read: “Apple Important iCloud Request: Visit Login[.]authenticate connection[.]info/icloud to continue using your services.”
Symantec discovered that the hackers added a CAPTCHA to the fake website to make it appear legitimate.
Once this is completed, users will be redirected to a legacy iCloud login template.
Apple noted on its support page that scammers may also ask iPhone users to disable features like two-factor authentication or Device Theft Protection.
“They will claim that this is necessary to stop an attack or to give you back control of your account,” the tech giant said.
But they try to trick you into lowering your security so they can launch an attack themselves.
“Apple will never ask you to turn off a security feature on your device or your account.”
There are ways to identify fraud. A clear signal is the link in the text.
Although the message looks credible, the URL does not match Apple’s website.
The tech giant also reported that hackers often send texts that look significantly different from the company’s standard text.
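The link check described above, written out as an added example (it is not code from Symantec, Apple or the original article): it pulls links out of a text message, including ones written with “[.]”, and compares the host that would actually be contacted against an allowlist. The allowlist contents, the function names and the sample messages with their `.example` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: domains accepted as Apple's own.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}

# A token counts as a link if it is [scheme://][userinfo@]host[:port][/path].
LINK_RE = re.compile(
    r"^(https?://)?([^\s/@]+@)?([\w-]+\.)+[a-z]{2,}(:\d+)?(/\S*)?$", re.I)


def refang(text):
    """Undo the '[.]' defanging used when phishing links are quoted."""
    return text.replace("[.]", ".")


def extract_links(message):
    """Return link-like tokens from an SMS body, with or without a scheme."""
    tokens = (t.strip(".,;:!?()\"'") for t in refang(message).split())
    return [t for t in tokens if LINK_RE.match(t)]


def host_of(link):
    """Host the browser would actually contact (userinfo and port dropped)."""
    if "://" not in link:
        link = "https://" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def is_trusted(host):
    """Exact match or a subdomain on a dot boundary; never a bare suffix."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def untrusted_hosts(message):
    """Hosts of all links in the message that are not on the allowlist."""
    hosts = [host_of(link) for link in extract_links(message)]
    return [h for h in hosts if not is_trusted(h)]


# Constructed sample messages; the .example hosts are placeholders.
SAMPLES = [
    "Apple Important iCloud Request: Visit signin[.]icloud-request[.]example/icloud to continue.",
    "Your backup is ready at https://www.icloud.com/ now.",
    "Verify at https://icloud.com.account-check.example/login",
    "Verify at https://apple.com@account-check.example/ today",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(untrusted_hosts(sms) or "all links on allowlist", "<-", sms)
```

The last two samples show why the comparison is made on the parsed host: a trusted name placed at the start of the host, or before an `@`, does not change where the link leads.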
The scam isn’t limited to imitating Apple apps, as many users have reported receiving text messages that appear to come from Netflix, Amazon and other well-known companies.
These fake messages claimed that users’ accounts had been blocked or their credit cards had expired. They then asked users to click on a link that asked them to enter personal information or bank account details.
The Federal Trade Commission warns: “If you receive a text message you weren’t expecting that asks you to enter personal or financial information, don’t click on any links.”
“Legitimate companies will never ask you for information about your account via text message.”
“If you believe the message is legitimate, contact the company using a phone number or website that you know is legitimate. Not the information in the text message.”