Apple has sent a warning to all 1.46 billion users of Apple devices worldwide after tech experts spotted a cyberattack targeting Apple IDs.
Experts explained that hackers are using SMS phishing campaigns that send messages claiming to be from Apple. The messages then encourage users to visit a link to an “important request” about iCloud.
Symantec, a California-based security firm, uncovered the attack in July. The firm explained that the links lead to fake websites that tell users to input their Apple ID information.
Apple has established guidelines for similar attacks, urging iPhone owners to activate two-factor authentication (2FA) that requires a password and a six-digit verification code to access their account from an outside device.
On its website, Symantec advised that Apple credentials are “highly valued” among hackers because they prove “control over devices, access to personal and financial information, and potential revenue through unauthorized purchases.”
Symantec explained that Apple’s strong brand reputation makes users more prone to trusting deceptive communications pretending to be from Apple. It also makes Apple customers attractive targets to cyber criminals.
The warning was released on July 2, and it said that a malicious SMS being sent contained the following text:
“Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.”
Symantec added that the hackers added a CAPTCHA to the fake website to make it seem more legitimate to their targets. Once completed, the website will redirect users to an outdated iCloud login template.
On its support page, Apple cautioned that scammers may ask iPhone users to disable features like 2FA or Stolen Device Protection because it can help “stop an attack or to allow you to regain control of your account.” In reality, disabling these features will instead lower your security so they can carry out their own attack.
The company warned that Apple will never ask users to disable security features on their devices or their accounts.
(Related: Cyberattack disrupts operations in hospitals and clinics operated by Prospect Medical Holdings.)
If you’re not sure what to look for, there are some effective ways to identify fraud, such as checking the link in the text. Even if the message seems legitimate, the URL will not match Apple’s website.
The company also cautioned users that hackers will often send texts that look significantly different from the company’s standard text messages.
Scam also targets customers from other companies like Amazon and Netflix
Apple isn’t the only company being targeted by cybercriminals. Other scams where hackers impersonate companies have many users reporting text messages claiming to be from Amazon, Netflix and other well-known companies.
The fake messages will claim that an account is frozen or credit cards have expired. The texts will then prompt account holders to click a link that asks for personal or bank account information.
The Federal Trade Commission (FTC) has warned that if you receive a text message that you weren’t expecting and it asks you to give out your personal or financial information, don’t click on suspicious links.
“Legitimate companies won’t ask for information about your account by text,” warned the agency. The FTC also said that if you think the message might be real, you can confirm by contacting the company “using a phone number or website that you know is real.”
Visit Deception.news to read more stories about other cyberattacks in the United States.
EXCLUSIVE: Economist Reveals How Gold, Silver, And The US Dollar Went Up After Assassination Attempt