A recent alert from cybersecurity experts at Symantec has highlighted a concerning new trend targeting iPhone users across the United States. According to Symantec, cybercriminals are employing sophisticated "phishing" tactics to steal Apple IDs and gain access to personal information.
How the attack works
The attackers are sending deceptive text messages to iPhone users that pose as legitimate communications from Apple. These messages aim to trick recipients into giving up their Apple ID credentials by luring them to fake iCloud login pages. For instance, a typical phishing text might include a message like: "Apple important request iCloud: Visit signin[.]authen-connexion[.]info/iCloud to continue using your services."
To make the scam appear authentic, the attackers also prompt recipients to complete a CAPTCHA challenge before redirecting them to the fake login page. This tactic aims to exploit users' trust in communications from recognised brands like Apple.
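The lure quoted above pairs Apple branding with a link whose host is not an Apple domain. The Python check below is an added example, not Symantec's or Apple's code, that flags that mismatch in message text, including defanged links; the allowlist of apple.com and icloud.com and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as official in this example; extend as needed.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")
BRAND_WORDS = ("apple", "icloud")

# Lure text as quoted in the article (link is defanged with [.]).
LURE = ("Apple important request iCloud: Visit "
        "signin[.]authen-connexion[.]info/iCloud to continue using your services.")

# Links with or without a scheme, including defanged hxxp:// and [.] forms.
LINK_RE = re.compile(
    r"(?:h(?:tt|xx)ps?://)?"                   # optional http(s)/hxxp(s) scheme
    r"(?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,}"   # host labels joined by . or [.]
    r"(?:/\S*)?",                              # optional path
    re.IGNORECASE,
)

def refang(link: str) -> str:
    """Turn a defanged indicator back into a parseable URL."""
    link = link.replace("[.]", ".")
    link = re.sub(r"^hxxp", "http", link, flags=re.IGNORECASE)
    return link if "://" in link else "https://" + link

def is_official(host: str) -> bool:
    """True only for an official domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def suspicious_links(message: str) -> list[str]:
    """Return link hosts in a brand-themed message that are not official."""
    if not any(word in message.lower() for word in BRAND_WORDS):
        return []  # no Apple/iCloud branding, so this check does not apply
    hosts = []
    for match in LINK_RE.finditer(message):
        host = urlsplit(refang(match.group(0))).hostname or ""
        if host and not is_official(host):
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    print(suspicious_links(LURE))
```

The suffix test requires a dot boundary, so hosts that merely contain or end in the brand string (for example an official domain used as a subdomain label of another site) are still reported.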
Risks and consequences
Symantec warns that Apple IDs are highly valued by cybercriminals because they can provide access to personal and financial information, as well as control over devices. Unauthorised access through stolen credentials can lead to significant financial losses and privacy breaches for victims.
Advice for protection
To safeguard against such attacks, experts recommend several precautions:
Verify Message Sources: Always verify the authenticity of messages claiming to be from Apple, especially if they come from unfamiliar phone numbers.
Avoid Clicking Suspicious Links: Refrain from clicking on any links in messages that request access to your iCloud account. Instead, navigate directly to the official login pages.
Enable Two-Factor Authentication: Apple strongly advises users to enable two-factor authentication for their Apple IDs. This extra layer of security makes it more difficult for unauthorised users to access accounts, even with stolen passwords.
Be Wary of Unsolicited Requests: Apple reaffirms that its support representatives will never ask for your password, device passcode, or two-factor authentication code over the phone or via text messages. Treat any such requests as potential scams and end contact immediately.
The Federal Trade Commission (FTC) also recommends keeping security software updated on both computers and mobile phones. This ensures that devices are equipped with the latest defences against evolving cyber threats.