iPhone users are being warned this week about a new text message scam phishing for Apple IDs and passwords. Thousands of iPhone users have reportedly been affected by the scam, tricking people into giving up their passwords and other private information.
The scam comes to your iPhone in the form of a text message, and claims, “Your Apple ID is due to be expire today. Prevent this by confirming your Apple ID at…” and albeit laughably including grammatical errors typical of phishing scam (later versions of the text fixed the grammatical error), successful social exploitation would likely result in your Apple ID credentials getting hijacked.
A number of Apple iPhone users have recently been hit with the text message scam, and have taken their frustrations to Twitter.
Anyone else received one of these Apple ID texts? Is it all above board or is it some kind of phishing scam? pic.twitter.com/KUfMZtggUF
— Dave Vitty (@davidvitty) April 16, 2016
Apple ID Scam. Warning. Got a text message from iCloudID asking for all you bank details? It’s a scam. My daughter almost got stung. Ignore!
— Ben Watt (@ben_watt) April 17, 2016
Potential victims are led to an unofficial yet legitimate looking website, AppleIDLogin.co.uk, where they are asked to input their Apple ID and password.
Apple ID scam texts are everywhere. Clone of real site, asks for everything possible, corrects unformatted details. pic.twitter.com/JTqsJNidRd
— Jim Waterson (@jimwaterson) April 17, 2016
If the victim provides the scammer with their Apple credentials, according to security guru Graham Cluley, who issued an alert on his personal blog, he or she will still be notified that the Apple ID “has been locked for security reasons.”
At this point, the website will ask for more private information, such as credit card information.
The phoney website pictured above is designed to grab your personal information and pass it straight on to online criminals. They could use those details to commit fraud, or sell your credentials on to other crooks on the computer underground.
For the security-minded folks, the first clue that this is a scam is, of course, the URL of the site you’re asked to visit. The website is clearly not genuine and unrelated to Apple Inc. These types of phishing attacks are not new, but they do appear to be happening more often these days.
The best defense to protect yourself is to stay vigilant, be aware of scammers who attempt to trick you into giving up personal information, and to delete any texts received that look suspicious — even if only slightly suspicious.
Apple also mentions on its website that users should “never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be.”
If, for whatever reason, you are concerned about malware on your iPhone, Intego VirusBarrier for Mac allows you to scan files and attachments on iOS devices, and finds and eradicates malware found in document directories on iPhones and iPads.
And finally, if you haven’t already done so, enabled two-factor authentication on your Apple ID account right now — this will provide you with an additional layer of security.