Attention iPhone owners: A serious cyberthreat is targeting Apple IDs, and it’s more important than ever to be on guard. Symantec security experts have uncovered a sophisticated SMS phishing campaign designed to trick you into giving up your valuable Apple IDs.
GET SECURITY ALERTS AND EXPERT ADVICE – SUBSCRIBE TO KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
The mechanics of the attack
Here’s how the scam works: Hackers send text messages that appear to be from Apple. These messages urgently ask you to click a link for an important iCloud update or verification. Symantec Research shows that these links lead to cleverly designed fake websites that ask for your Apple ID and password. To make the site appear legitimate, the attackers even included a CAPTCHA.
Once the CAPTCHA is completed, you are redirected to an iCloud login page that looks like an outdated page, where you are asked to enter your credentials. This information is valuable to cybercriminals: it allows them to access your personal and financial data, as well as control your devices.
Below is a email version of this same scam to avoid. Note the strange return email address from a non-Apple account, riddled with hyphens and strange characters.
Apple’s Response and Protective Measures
Apple is aware of these tactics and has guidelines to help you stay protected. First, enable two-factor authentication on your Apple ID. This adds an extra layer of security by requiring a password and six-digit verification code every time you sign in from a new device.
Remember, Apple will never ask you to turn off security features like two-factor authentication or device theft protection. Scammers may claim that this is necessary to fix a problem, but it’s a trap designed to lower your defenses.
Detect phishing attempts
Phishing scams can be sneaky, but there are ways to spot them. Look closely at the URLs of suspicious messages. While the message may appear legitimate, the web address usually doesn’t match Apple’s official website. Also, be wary of any text that deviates from Apple’s usual communication style.
Symantec highlighted a specific phishing message in its July 2 warning. The fraudulent SMS read: “Important Apple iCloud request: Visit signin(.)authen-login(.)info/icloud to continue using your services.” Strange characters and unfamiliar domains are clear indicators of a scam.
Broader Scam Tactics and How to Avoid Them
These phishing attempts aren’t just targeting Apple users. People have reported receiving similar messages from companies like Netflix and Amazon, claiming account issues or expired credit cards. These messages also prompt you to click a link and enter your personal information.
The Federal Trade Commission (FTC) recommends that legitimate businesses never ask for sensitive information via text message. If you receive such a message, contact the business directly using a verified number or website, not the information provided in the text message.
How to Protect Yourself from Apple SMS and Email Scams
1) Always use strong antivirus protection on all your devices
This may be one of the best investments you can make to protect yourself from phishing scams. Having antivirus software running on your devices will prevent you from clicking on malicious links or downloading files that could spread malware to your device and risk stealing your personal information.
Special for CyberGuy readers: My #1 pick is TotalAV, and you can take advantage of a limited time offer for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Read my review of my top antivirus picks here
Best Antivirus Protection 2024
2) Don’t take the bait
Scammers often use alarming language to provoke immediate action. Phrases such as “act now” or “important” are red flags. Stay calm and be wary of unsolicited messages.
3) Enable two-factor authentication on your Apple devices
Implementing multi-factor authentication on your Apple ID can greatly improve your security. Always verify the source of messages that claim to be from Apple. When in doubt, manually log in to your account through the official Apple website or your iPhone settings instead of clicking on links.
4) Keep the software up to date
Regularly update your operating system, web browsers, and antivirus software to ensure they’re equipped to detect and prevent the latest threats. You can check for these updates regularly in your device’s Settings app for software updates, and you can go to your App Store or Google Play Store (depending on which device you have) to check for updates for individual apps. Follow these steps here.
What should you do if you clicked on a link and installed malware on your device?
If you’ve been hacked, it’s not too late. There are several ways to protect yourself from hackers, even if they have access to your information.
1) Scan your device for malware
First, you need to scan your computer with a reputable and legitimate antivirus program. Check out my expert review on the best antivirus protection for your Windows, Mac, Android and iOS devices.
2) Change your passwords immediately
If you have inadvertently given your information to hackers or malicious actors, they could gain access to your social media or banking accounts. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, as the hacker could see your new passwords. Instead, you should use ANOTHER DEVICEsuch as your laptop or desktop computer, to change your passwords. Make sure to use strong, unique passwords that are difficult to guess or crack. You can also use a password manager to generate and store your passwords securely.
3) Monitor your accounts and transactions
You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to your service provider or authorities as soon as possible. You should also review your credit reports and scores for signs of identity theft or fraud.
4) Use identity theft protection
Phishing emails target your personal information. Hackers can use this information to create fake accounts in your name, access your existing accounts, and impersonate you online. This can cause serious damage to your identity and credit rating.
To prevent this, you should use identity theft protection services. These services can track your personal information, such as your property title, Social Security number (SSN), phone number, and email address, and alert you if they detect suspicious activity. They can also help freeze your bank and credit card accounts to prevent hackers from using them.
One of the best benefits of using Identity Guard includes identity theft insurance of up to $1 million to cover losses and legal costs and one White Glove Fraud Resolution Team consisting of a US-based Case Manager helps you recover all losses.
Special for CyberGuy readers: Save up to 52% with my top recommendation: Identity Guard.
Read more of my review of the best identity theft protection services here.
5) Contact your bank and credit card companies
If hackers have obtained your banking or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute fraudulent charges, and issue new cards for you.
6) Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
7) Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original version. You should backup your important data before doing this and restore it only from a trusted source.
MORE: HOW HACKERS TARGET X-VERIFICATION ACCOUNTS TO TRICK YOU
Kurt’s Takeaway
As cyberattacks become more sophisticated, it’s important to stay informed and cautious. Protect your Apple ID and personal information by following Apple’s security guidelines and being wary of unsolicited messages. By taking these precautions, you can keep your devices and data safe from malicious actors.
Have you ever been a victim of a cyber scam? If so, what happened and how did you recover? Let us know by commenting below.
Copyright 2024 CyberGuy.com. All rights reserved. Articles and content on CyberGuy.com may contain affiliate links that generate a commission when you make a purchase.
🛍️ BUYING GUIDES:
CHILDREN | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE :
KITCHEN | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | HEADPHONES | HEADSETS | KINDLES | SOUNDBARS | KINDLES | BLUETOOTH SPEAKERS | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP COMFORTABLE |
PERSONAL GIFTS:
PHOTO BOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTI-VIRUS | VPN | SECURE EMAIL |
YOU CAN’T GO WRONG WITH THESE THINGS:
GIFT CARDS