Apple

iPhone Scam Alert: This Text Phishes for Your Apple ID, Password

Posted on April 22nd, 2016 by

iPhone users are being warned this week about a new text message scam phishing for Apple IDs and passwords. Thousands of iPhone users have reportedly been affected by the scam, tricking people into giving up their passwords and other private information.

The scam comes to your iPhone in the form of a text message, and claims, "Your Apple ID is due to be expire today. Prevent this by confirming your Apple ID at..." and albeit laughably including grammatical errors typical of phishing scam (later versions of the text fixed the grammatical error), successful social exploitation would likely result in your Apple ID credentials getting hijacked.

A number of Apple iPhone users have recently been hit with the text message scam, and have taken their frustrations to Twitter.

Potential victims are led to an unofficial yet legitimate looking website, AppleIDLogin.co.uk, where they are asked to input their Apple ID and password.

If the victim provides the scammer with their Apple credentials, according to security guru Graham Cluley, who issued an alert on his personal blog, he or she will still be notified that the Apple ID "has been locked for security reasons."

At this point, the website will ask for more private information, such as credit card information.

Apple Expired Website

Image source: Screen grab via Graham Cluley

Graham wrote:

The phoney website pictured above is designed to grab your personal information and pass it straight on to online criminals. They could use those details to commit fraud, or sell your credentials on to other crooks on the computer underground.

For the security-minded folks, the first clue that this is a scam is, of course, the URL of the site you're asked to visit. The website is clearly not genuine and unrelated to Apple Inc. These types of phishing attacks are not new, but they do appear to be happening more often these days.

The best defense to protect yourself is to stay vigilant, be aware of scammers who attempt to trick you into giving up personal information, and to delete any texts received that look suspicious — even if only slightly suspicious.

Apple also mentions on its website that users should "never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be."

If, for whatever reason, you are concerned about malware on your iPhone, Intego VirusBarrier for Mac allows you to scan files and attachments on iOS devices, and finds and eradicates malware found in document directories on iPhones and iPads.

And finally, if you haven't already done so, enabled two-factor authentication on your Apple ID account right now — this will provide you with an additional layer of security.

  • Hailey

    So my friend got an email from Apple ID and went to it and it was the fake stuff but he put in some personal information and then clicked next and then it went to the next page of asking more personal stuff but he exited out of it. Do you think his information was saved from the previous page even if he didn’t finish it?

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}