Monday, November 4, 2024

New iPhone Warning—Do This To Avoid Being Hit By Sneaky SMS Attack

Must read

A new iPhone warning has been issued by a security firm, after it found Apple IDs are being targeted in an SMS phishing campaign.

Symantec researchers describe how attackers are distributing malicious SMS messages to iPhone users in the United States.

The SMS sent to iPhone readers reads: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.”

To make the iPhone SMS seem legit, attackers even implemented a CAPTCHA for users to complete. After this, users are directed to a webpage that mimics an outdated iCloud login template where they are encouraged to hand over their details to attackers.

Apple ID credentials are “highly valued,” because they offer attackers control over iPads and iPhones, along with access to personal and financial information, and potential revenue through unauthorized purchases, Symantec owner Broadcom said.

ForbesiOS 17.5.1-Emergency Fix Issued To All iPhone Users

Additionally, Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, the firm warned.

Usually, Apple ID phishing happens via emails—and you might not even see lots of them, because they’ll be sent to your junk. However, SMS phishing—AKA “smishing”—is becoming increasingly prevalent.

Typically, smishing attackers tend to restrict access to their malicious websites to users on mobile browsers and specific regions to evade detection by monitoring systems. However, in this instance, the malicious website is accessible from both desktop and mobile browser, Broadcom researchers said.

How To Avoid New iPhone SMS Attacks

It comes as attackers increasingly target iPhones and Apple IDs. In March I reported an attack that bombards iPhone users with notifications or multi-factor authentication messages to persuade them they need to reset their password.

Forbes contributor Davey Winder was himself hit by an Apple ID password reset bug impacting iPhone, iPad and Mac users.

Apple iPhone SMS attackers are getting increasingly sneaky, using “fear-factor wording” such as “act now” and “important,” says Jake Moore, global cybersecurity advisor at ESET. “This can often force people to act with greater success, so users need to remain mindful of any link embedded in a text message, especially from unsolicited locations.”

People should also be aware that cunning cybercriminals may also possess your cell number as well as your Apple ID—which is usually the owner’s primary email address, says Moore. “This can add a touch of authenticity and make the attack that much more personal.”

ForbesApple’s New AI Security Move Explained

So what can you do to avoid this sneaky new iPhone attack? The first thing to do is be very careful about any communication you receive calming to be from Apple. Enabling multi-factor authentication on accounts—requiring Face ID or Touch ID—can also help.

If you receive a text asking you to log into iCloud, it’s a good idea to check the source. A random phone number is unlikely to be tied to Apple.

With this in mind, you should only visit iCloud login pages from trusted sources and locations, Moore says.

If you do receive a text—even if you’re confident it’s from Apple—you can log into your account separately, using the official URL, or via your iPhone settings. Never click a link in an SMS message unless you are absolutely sure you know who it comes from.

Latest article