Apple issues urgent new guidelines for iPhone users to follow amid cyberattacks targeting 1.5 billion devices

By Nikki, Chief Science Correspondent for Dailymail.Com

17:20 10 July 2024, updated 17:49 10 July 2024



Apple has issued new guidance for all iPhone users on how to protect themselves following a cyberattack that targeted more than a billion devices last week.

The company warned users that hackers are using social engineering tactics, such as pretending to be company representatives, to gain access to personal information such as logins, security codes and financial information.

Look out for phishing emails that trick users into sharing information or handing over money, as well as fraudulent pop-up ads, fake promotions, unsolicited calendar invites, and fake calls.

As a first step, if they don’t already have it activated, iPhone owners should set up two-factor authentication, which requires a password and a six-digit verification code to access their account from an external device.


Apple urges users to be wary of receiving fake calls from what appears to be a legitimate phone number, but is actually a bad actor trying to steal your information.

They may try to build a relationship to gain your trust and provide personal information about your account, such as your home address, place of employment, or even your social security number.

This scammer will likely claim that there is a problem with the account and that someone has made unauthorized charges using Apple Pay, and it will appear urgent, so the user will feel pressured to resolve the situation immediately.

“Spoof calls usually work by creating a strong sense of urgency to give you no time to think and to discourage you from contacting Apple directly,” Apple warned.

“For example, the scammer may say you can call Apple back, but the fraudulent activity will continue and you will be held liable. This is fake and designed to prevent you from hanging up.”

Apple noted on its support page that fraudsters may also ask iPhone users to disable features such as two-factor authentication or device theft protection.

“They will claim that this is necessary to stop an attack or for you to regain control of your account,” the tech giant said.

“However, they are trying to trick you into lowering your security so they can carry out their own attack.”

The company said there are ways to identify fraudulent emails and messages to avoid being tricked into giving away your personal information.

First, users should check whether the sender’s email address or phone number matches the company name, and whether the email address used to contact them is different from the address on their account.

Other methods include checking whether the URL they sent matches Apple’s website, whether the message looks different from others you’ve received from the company, and whether it asks for personal information such as an account password or credit card number.
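The URL check described above can be automated. The following Python sketch is an added example, not code from Apple, Symantec or this article; the two-entry allow-list, the function names and every sample link are assumptions constructed for illustration. It compares the host a link would actually connect to against the trusted domains, rather than looking for the brand name anywhere in the text.

```python
from urllib.parse import urlsplit

# Assumption: a minimal allow-list for illustration, not Apple's full set of domains.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRANDS = tuple(d.split(".")[0] for d in TRUSTED_DOMAINS)  # ("apple", "icloud")


def link_host(url: str) -> str:
    """Return the lowercase hostname a link would really connect to."""
    # Undo the "defanging" used in security advisories (hxxp, [.]).
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "https://" + url  # links in SMS text often omit the scheme
    # .hostname drops any "user@" prefix and the port, so
    # "https://apple.com@login.example/" resolves to "login.example".
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(url: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def verdict(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    if is_trusted(url):
        return "trusted"
    # The brand shows up somewhere (subdomain, userinfo, path) but the
    # host itself is not an Apple domain: the pattern phishing links use.
    if any(b in url.lower() for b in BRANDS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://support.apple.com/",
        "https://www.icloud.com./",
        "https://apple.com@login.example/",
        "apple.com.account-check.example/signin",
        "secure-login[.]example[.]info/icloud",
        "https://example.org/news",
    ]
    for s in samples:
        print(f"{verdict(s):10} {link_host(s):35} {s}")
```

A link counts as trusted only when the allow-listed domain is the end of the hostname; a brand name in a subdomain, before an `@` or in the path does not change where the link goes.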

Fraudsters will likely claim that there is a problem with the account and that someone has made an unauthorized charge using Apple Pay, and it will appear urgent, so the user will feel pressured to resolve the situation immediately. This creates a situation that allows a bad actor to gain access to important personal and financial information.

If a user receives a suspicious call, they should immediately hang up and call Apple directly to verify the notification they received, or they can report scam calls to the US Federal Trade Commission or local law enforcement.

Apple’s warning comes just a week after fraudsters used SMS phishing campaigns to send fake messages to iPhone users telling them to visit a link to an “important request” about iCloud.

California-based security firm Symantec discovered the attack this month and warned that links lead to fake websites that prompt users to hand over their Apple ID details.

The company issued a warning on July 2, noting that a malicious SMS was floating around that read: “Important Apple iCloud Request: Sign in to visit[.]authentic connection[.]info/icloud so you can continue using your services.”

Symantec reported that the hackers added a CAPTCHA to the fake website to make it look legitimate; once it was completed, the site would redirect users to an outdated iCloud login template.

“Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast number of potential victims,” Symantec said in a warning last week.

“These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue from unauthorized purchases.”

Apple clarified that its support representatives never send users to a website link to log in, or ask them to provide a device password or two-factor authentication code.

“If someone claiming to be from Apple asks you for any of the above, they are a fraudster participating in a social engineering attack. Hang up or otherwise end contact with them,” Apple said.
