Business

New cyberattack targets iPhone Apple IDs

Published

on

Spread The News

 

 

A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals’ Apple IDs in a “phishing” campaign, security software company Symantec said in an alert Monday.

Cyber criminals are sending text messages to iPhone users in the U.S. that appear to be from Apple, but are in fact an attempt at stealing victims’ personal credentials.

“Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims,” Symantec said. “These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases.”

Consumers are also more likely to trust communications that appear to come from a trusted brand like Apple, warned Symantec, which is owned by Broadcom, a maker of semiconductors and infrastructure software.

The malicious SMS messages appear to come from Apple and encourage recipients to click a link and sign in to their iCloud accounts.

For example, a phishing text could say: “Apple important request iCloud: Visit sign in[.]authen-connexion[.]info/icloud to continue using your services.” Recipients are also asked to complete a CAPTCHA challenge in order to appear legitimate, before they’re directed to a fake iCloud login page.

READ ALSO: AI-enabled cyberattacks highly advanced, but so is next frontier of cyber defence, says Ola Williams

Such cyberattacks are commonly referred to as “smishing” schemes in which criminals use fake text messages from purportedly reputable organizations, rather than email, to lure people into sharing personal information, such as account passwords and credit card data.

Be cautious about opening any text messages that appear to be sent from Apple. Always check the source of the message — if it’s from a random phone number, the iPhone maker is almost certainly not the sender. iPhone users should also avoid clicking on links inviting people to access their iCloud account; instead, go to login pages directly.

“If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it’s safer to presume that it’s a scam — contact that company directly if you need to,” Apple said in a post on avoiding scams.

Advertisement

Apple urges users to always enable two-factor authentication for Apple ID for extra security and to make it harder to access your account from another device. It is “designed to make sure that you’re the only person who can access your account,” Apple said.

Apple adds that its own support representatives will never send its users a link to a website and ask them to sign in, or to provide your password, device passcode, or two-factor authentication code.=

“If someone claiming to be from Apple asks you for any of the above, they are a scammer engaging in a social engineering attack. Hang up the call or otherwise terminate contact with them,” the company said.

The Federal Trade Commission also recommends setting up your computer and mobile phone so that security software is updated automatically.

 

Leave a Reply

Your email address will not be published.

Trending

Copyright © 2024 Nationaldailyng