Monday, December 23, 2024

Urgent warning to all iPhone users after new cyberattack targets 1.4billion Apple devices – here’s how to protect yourself

Must read

An urgent warning has been issued to all 1.46 billion iPhone users after tech experts uncovered a new cyberattack targeting Apple IDs.

Bad actors are using SMS phishing campaigns that send messages claiming to be from Apple, prompting users to visit a link to an ‘important request’ about iCloud.

California-based Symantec security firm discovered the attack this month, warning the links lead to fake websites that urge users to hand over their Apple ID information.

Apple has established guidelines for such an attack, urging iPhone owners to use two-factor authentication that requires a password and six-digit verification code to access their account from an outside device.

Bad actors are using SMS phishing campaigns that send messages claiming to be from Apple, prompting users to visit a link to an ‘important request’ about iCloud

‘These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases,’ Symantec shared on its website.

‘Additionally, Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cyber criminals.’

The company released the warning on July 2, noting it observed a malicious SMS floating around that showed: ‘Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.’

Symantec found that the hackers added a CAPTCHA to the fake website to make it appear legit.

Once completed, it takes users to an outdated iCloud login template.

Apple noted on its support page that scammers may also ask iPhone users to disable features like two-factor authentication or Stolen Device Protection.

‘They will claim that this is necessary to help stop an attack or to allow you to regain control of your account,’ the tech giant shared.

Symantec found that the hackers added a CAPTCHA to the fake website to make it appear legit and once completed, it takes users to an outdated iCloud login template

Symantec found that the hackers added a CAPTCHA to the fake website to make it appear legit and once completed, it takes users to an outdated iCloud login template 

‘However, they are trying to trick you into lowering your security so that they can carry out their own attack.

‘Apple will never ask you to disable any security feature on your device or on your account.’

There are ways to identify fraud – and a dead giveaway is the link in the text.

While the message may look credible, the URL will not match Apple’s website.

The tech giant also shared that hackers usually send texts that look significantly different from the company’s standard.

The scams are also not limited to impersonating Apple as many users have reported text messages claiming to be from Netflix, Amazon and other well-known companies. 

These fake messages claimed users’ accounts were frozen or credit cards had expired, prompting them to click a link that asks for personal or bank account information.

‘If you get a text message you weren’t expecting and it asks you to give some personal or financial information, don’t click on any links,’ the Federal Trade Commission has warned.

‘Legitimate companies won’t ask for information about your account by text.’

‘If you think the message might be real, contact the company using a phone number or website you know is real. Not the information in the text message.’

Latest article