A new cyberattack is targeting iPhone users, with criminals trying to obtain individuals’ Apple IDs as part of a “phishing” campaign, security software company Symantec said in an alert Monday.
Cybercriminals are sending text messages to iPhone users in the United States that appear to come from Apple, but are actually an attempt to steal victims’ personal identifying information.
“Attackers continue to target Apple IDs because of their widespread use, which provides access to a large pool of potential victims,” Symantec said. “These credentials are highly sought after because they provide control over devices, access to personal and financial information, and potential revenue generation through unauthorized purchases.”
Consumers are also more likely to trust communications that appear to come from a trusted brand like Apple, warned Symantec, which is owned by Broadcom, a maker of semiconductors and infrastructure software.
The malicious SMS messages appear to come from Apple and encourage recipients to click a link and sign in to their iCloud account. For example, a phishing SMS might read: “Important Apple iCloud request: Visit signin(.)authen-login(.)info/icloud to continue using your services.” Recipients are also prompted to complete a CAPTCHA test to appear legitimate, before being redirected to a fake iCloud login page.
These cyberattacks are commonly referred to as “smishing,” in which criminals use fake text messages from supposedly reputable organizations, rather than emails, to trick people into sharing personal information, such as account passwords and credit card details.
How to protect yourself
Be careful when opening text messages that appear to come from Apple. Always check the source of the message: if it comes from a random phone number, it’s almost certain that the iPhone manufacturer isn’t the sender. iPhone users should also avoid clicking on links that direct people to their iCloud account; instead, go directly to the login pages.
“If you are suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it’s safest to assume it’s a scam. Contact that company directly if necessary,” Apple said in an article about how to avoid scams.
Apple recommends that users always enable two-factor authentication for Apple ID to enhance security and make it harder for someone to access your account from another device. This feature is “designed to help ensure that only you can access your account,” Apple said.
Apple adds that its own support representatives will never send its users a link to a website and ask them to log in or provide their password, device passcode, or two-factor authentication code.
“If someone claiming to work for Apple asks you for any of the above information, they are a scammer engaging in a social engineering attack. Hang up the call or end all contact with them,” the company said.
The Federal Trade Commission also recommends setting your computer and mobile phone to update security software automatically.
Sen. Lindsey Graham says if Biden withdraws, it will be “a radically different race” for Trump
Evidence of Havana Syndrome suggests who may be responsible for mysterious brain damage
Jumping Clams! ‘SpongeBob SquarePants’ Celebrates 25 Years
News Source : www.yahoo.com
Gn tech
