APPLE has urged iPhone owners to keep an eye out for five red flags that are telltale signs of fraud.
It comes as a new SMS attack targeting Apple customers spreads across the US.
In a recently updated security support page, Apple explains that phishing is a common social engineering tactic.
The purpose of the exercise is to get you to reveal important information about yourself that will then be used in your scam.
According to Apple, scammers will use any means they can to get you to share information or give money, including:
- Fraudulent emails and other messages that appear to be from legitimate companies, including Apple.
- Misleading pop-ups and ads that say your device has a security problem.
- Fraudulent phone calls or voicemails that purport to be Apple support, Apple partners, or other known or trusted entities or individuals.
- Fake promotions that offer free products and prizes.
- Unsolicited invitations and Calendar subscriptions.
“If you suspect an unexpected message, call or request for personal information such as your email address, phone number, password, security code or money, it’s safer to assume it’s a scam – contact this company directly if you must ” writes Apple.
Avoiding these five red flags will help protect Apple customers from phishing campaigns like the one currently trying to steal Apple IDs.
The new phishing campaign consists of Apple customers receiving an SMS with text along the lines of: Apple iCloud Important Request: Visit Login[.]authentic connection[.]info/icloud to continue using your services.
The link leads to a malicious website with a fake iCloud login template that will send your email and password directly to scammers.
Apple has reminded customers of eight Dos and Don’ts to avoid scams that target your account and device, including:
- Never share personal or security information, such as passwords or security codes, and never agree to enter them on a website to which you are redirected.
- Protect your Apple ID. Use two-factor authentication, always keep your contact information safe and up-to-date, and never share your Apple ID password or verification codes with anyone. Apple never requests this information to provide support.
- Never use Apple Gift Cards to make payments to other people.
- Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases. When you send or receive money using Apple Cash (US only), treat it like any other private transaction.
- Learn how to secure your Apple devices and data.
- Only download software from sources you can trust.
- Do not follow links or open or save attachments in suspicious or spam messages.
- Do not answer suspicious phone calls or messages that claim to be from Apple. Instead, contact Apple directly through our official support channels.
If you believe that your Apple ID has been compromised, we recommend that you change your Apple ID password immediately.
If you may have entered your password or other personal information on a fraudulent website, you must also change your password.
Apple also urged customers to ensure that two-factor authentication is enabled on their accounts.
What is phishing?
HERE is what you need to know:
- Phishing is a type of online fraud
- This is usually an attempt to get some of your data
- Phishing generally involves scammers posing as a trustworthy entity
- For example, fraudsters could send you an email claiming to be your bank and asking for details
- Fraudsters can also set up fake websites that look real to simply trick you
- Phishing can take place via email, social media, text messages, phone calls, and more
- The best defense against phishing is to be generally skeptical of web links and emails, especially if they are unsolicited.