All iPhone users are being warned about a wave of new phishing emails that try to steal their account credentials.
Cybercriminals are sending fake emails that claim to be from Apple, telling users their accounts have been suspended and prompting them to take further action.
The fraudulent email tells users to click on a link to verify their account, redirecting them to another page that steals their login and two-factor authentication information.
The website requires unsuspecting victims to enter their usernames and passwords, giving hackers instant access to their digital wallets.
To make the communication appear more urgent, hackers also warn the user has only 24 hours to verify their Apple ID or it will be permanently locked.
Hackers are taking advantage of people gravitating toward online Black Friday and
Cyber Monday shopping deals to convince users that their Apple ID was suspended on their iPhone.
These emails can be tricky to navigate because they look like a standard Apple Support email.
However, there are red flags to look out for including poor punctuation and grammar and an email domain that doesn’t end in @apple.com.
Hackers are taking advantage of the holiday season to target Apple users with phishing emails that claim their account was locked
‘Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website,’ Apple shared on its website.
‘Phishing scams like the Apple ID Suspended scheme are becoming increasingly prolific and under immediate urgency,’ Jake Moore, a former digital crimes law enforcement officer and now global cybersecurity advisor at ESET, said.
‘Many people are still manipulated by the clever tactics used by criminal hackers.’
To appear credible, hackers often mention your personal information like your name or phone number to gain the user’s trust.
They will try to instill a strong sense of urgency to dissuade you from reaching out to Apple directly.
If users are unable to spot the red flags in the message, ‘it is important to verify the sender’s email address for any discrepancies,’ Moore continued.
‘And avoid clicking on suspicious links as this is where scams often begin,’ he said, adding ‘if you are ever in doubt of an Apple ID issue, go directly to the official Apple website to double check.’
Apple has provided steps on retrieving your ID if compromised.
‘If you believe that your Apple Account has been compromised, or if you might have entered your password or other personal information on a scam website, change your Apple Account password immediately and ensure that two-factor authentication is enabled,’ the tech giant shared on its Support page.
The phishing emails require users to enter their login credentials, including two-factor authentication, to fix the so-called problem. Instead, they’re stealing that information to authorize spending
There is another hack floating around that also uses fake messages to access users’ iCloud.
The scam, sent out via email and text messages, tells the user that there is a problem with their iCloud account and it needs to be addressed immediately.
iCloud is a cloud-based program that enables users to store data, including pictures and messages, on multiple Apple devices. While an Apple ID is a private account that grants access to Apple services.
The messages may also state the an iCloud is almost full and users can click the link for a free upgrade.
Just like the Apple ID hack, users are prompted to provide login credentials before receiving the upgrade or see what the alleged urgent problem is.
And hackers use the information to take control of the victim’s account, allowing them to authorize purchases to themselves.
Users should take steps to protect their accounts and avoid scams by never sharing personal data or security information, always use a two-factor authentication, and don’t click on links or open attachments from suspicious emails.
The company says it won’t ever ask users to log in to a website or provide your password or two-factor authentication code to enter into any site.
Apple added that if you aren’t sure whether the an email is real, you should first look at the email domain to confirm if it’s legitimate.
DailyMail.com has reached out to Apple for comment.