A new iPhone alert has been issued by a security firm after it was discovered that Apple IDs were being targeted. … [+]
A new iPhone alert has been issued by a security firm after it was discovered that Apple IDs were being targeted in an SMS phishing campaign.
Symantec researchers describe how attackers are distributing malicious SMS messages to iPhone users in the United States.
The text message sent to iPhone readers reads: “Important Apple iCloud request: Visit Login[.]authen-connection[.]info/icloud to continue using your services.
To make the text messages sent by the iPhone appear legitimate, the hackers even set up a CAPTCHA that users must complete. After that, users are redirected to a webpage that mimics an outdated iCloud login model, where they are encouraged to provide their information to the hackers.
Apple IDs are “highly valued” because they give attackers control over iPads and iPhones, as well as access to personal and financial information and potential revenue from unauthorized purchases, said Broadcom, which owns Symantec. said.
Additionally, Apple’s strong brand reputation makes users more likely to trust deceptive communications that appear to come from Apple, the company warned.
Typically, Apple ID phishing is done via email. You may not see many of these, as they end up in your spam folder. However, SMS phishing, also known as “smishing,” is becoming more common.
Typically, hackers tend to limit access to their malicious websites to mobile browser users and specific regions in order to evade detection by surveillance systems. However, in this case, the malicious website is accessible from both a desktop and a mobile browser, Broadcom researchers said.
How to Avoid New SMS Attacks on iPhone
This comes as attackers are increasingly targeting iPhones and Apple IDs. In March, I reported on an attack that bombards iPhone users with notifications or multi-factor authentication messages to persuade them that they need to reset their password.
Forbes Contributor Davey Winder himself was hit by an Apple ID password reset bug affecting iPhone, iPad, and Mac users.
Hackers using SMS messages on Apple iPhones are becoming increasingly sneaky, using “scary language” such as “act now” and “important,” says Jake Moore, global cybersecurity advisor at ESET. “This can often force people to take action more successfully, so users should be wary of any links embedded in a text message, especially if they come from unsolicited places.”
People should also be aware that savvy cybercriminals may also have your cell phone number as well as your Apple ID, which is usually the owner’s primary email address, Moore says. “This can add an element of authenticity and make the attack even more personal.”
So what can you do to avoid this new sneak attack on the iPhone? The first thing to do is to be very careful about any communication you receive that appears to be from Apple. Enabling multi-factor authentication on accounts, which requires Face ID or Touch ID, can also help.
If you receive a text message asking you to sign in to iCloud, it’s a good idea to check the source. It’s unlikely that a random phone number is related to Apple.
With that in mind, you should only visit iCloud login pages from trusted sources and locations, Moore says.
If you receive a text message, even if you are sure it is from Apple, you can log in to your account separately, using the official URL or through your iPhone settings. Never click on a link in a text message unless you are absolutely sure who it is from.