A new cyber attack is targeting iPhone users, with criminals trying to obtain personal Apple IDs in a “phishing” campaign, according to security software company Symantec. Said warned Monday.
Cybercriminals are sending US iPhone users text messages that appear to be from Apple but are actually an attempt to steal the victims’ personal information.
“Phishing attackers continue to target Apple IDs due to their widespread use and access to a vast number of potential victims,” Symantec said. “These credentials are highly valuable, providing control over devices, access to personal and financial information, and potential revenue from fraudulent purchases.”
Symantec, a unit of semiconductor and infrastructure software maker Broadcom, warned that consumers are also more likely to trust communications that appear to come from trusted brands like Apple.
The malicious SMS messages appear to be sent from Apple and urge the recipient to click a link to sign in to their iCloud account. For example, the phishing text may read: “Apple Important Request iCloud: Visit us to sign in.”[.]Authentication Connection[.]”To continue using the service, please log in to info/icloud.” Recipients are asked to complete a CAPTCHA challenge to prove they are a legitimate user before being directed to a fake iCloud login page.
Such cyber attacks are commonly known as “smishing”, in which criminals use fake text messages disguised as from reputable organizations rather than email to lure people into sharing personal information such as account passwords and credit card information.
How to protect yourself
Be careful when opening text messages that appear to be from Apple. Always verify who the message is coming from; if it comes from a random phone number, it is almost certain that the sender is not the iPhone maker. iPhone users should also avoid clicking links offering access to their iCloud accounts; instead, go directly to the login page.
“If you are suspicious of an unexpected message or phone call, or a request for personal information like your email address, phone number, password, security code or money, it is safer to assume it is a scam and contact the company directly if necessary,” Apple said in a statement. post How to avoid scams.
Apple urges users to always enable it Two-factor authentication The technology was introduced to strengthen the security of your Apple ID and make it harder to access your account from another device, and Apple says it’s designed to “ensure you’re the only one who can access your account.”
Apple adds that its support representatives will never send users links to websites asking them to sign in or ask them to provide their passwords, device passcodes or two-factor authentication codes.
“If someone claiming to be from Apple asks you to do any of the above, they are a scammer engaging in a social engineering attack — hang up or discontinue contact,” the company said. Said.
The Federal Trade Commission also Recommendation Set your computer and phone to automatically update your security software.