Is your Apple ID at risk from new SMS phishing scam?

Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications.

The Apple logo at the entrance of an Apple store in Washington. Photo Credit: Nicholas Kamm/AFP

Tech experts have uncovered a new cyberattack specifically targeting Apple IDs through SMS phishing campaigns. The phishing messages, which claim to be from Apple, prompt users to visit a link for an ‘important request’ about iCloud.

Symantec, a security firm based in California, discovered the attack and issued a warning on July 2.

The arguments

According to Symantec, Apple ID credentials are highly valued by cybercriminals because they provide control over devices, access to personal and financial information, and potential unauthorized purchases.

Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications.

Scammers’ tactics

In an attempt to weaken security for their own benefit, scammers could claim that turning off security features like 2FA is required to thwart an attack or recover account control.

But Apple has made it clear that it will never request that customers turn off security protections on their gadgets or accounts.

User susceptibility

Users can be tricked into entering their credentials by the old login template and by the CAPTCHA, which makes the page seem valid. To avoid falling for these types of scams, users should be cautious about the legitimacy of links and message formats.

Broader impact

The problem is not exclusive to Apple, however, which points to a wider issue with phishing scams that target different businesses. Experts advise users who receive a communication requesting personal information to exercise caution and confirm its legitimacy, regardless of the brand being impersonated.

The facts

Apple has guidelines urging users to implement two-factor authentication (2FA), requiring a password and a six-digit verification code.

Also, scammers might ask users to disable 2FA or Stolen Device Protection under the pretense of securing their accounts.

The phishing websites often include a CAPTCHA to appear legitimate. These sites lead users to an outdated iCloud login template.

Malicious emails frequently have URLs in them that don’t correspond to Apple’s legitimate website.

Generally speaking, messages from hackers don’t look like those from Apple.

Reports of similar frauds have surfaced, posing as Netflix, Amazon, and other firms and citing problems such as credit card expiration or suspended accounts.

Users are urged by the Federal Trade Commission (FTC) not to click on links in unexpected text messages that request money or personal information.

Reputable businesses won’t text you seeking account details.

 
