Top iPhones are hugely popular devices, and that makes Apple fans prime targets for scammers and fraudsters. If you fall victim, you could end up losing your Apple ID (now called an Apple account), your money, and more.
A new attack that uses SMS messages to steal your Apple ID and all the data it contains is a perfect example of this. Broadcom was the first to detect it, and it involves “a threat actor distributing malicious SMS messages in the United States.” This type of attack, known as “smishing,” tells recipients that they must log in to iCloud to “continue using your services.” It then directs them to a fake website that mimics the real iCloud site. If they log in, their usernames and passwords are stolen.
Apple is well aware of the threats its customers face and has just published a series of tips and recommendations on how to avoid falling victim to malicious scammers. In a new post on the company’s support website, Apple explains what social engineering scams are, including phishing SMS messages of the type identified by Broadcom, as well as fraudulent calls impersonating support staff. The article also contains a wide range of tips and recommendations on how to avoid falling into scammers’ traps and losing vital information that could be exploited by malicious actors.
If you're concerned about the incident detected by Broadcom, Apple has one key piece of advice: “If you're suspicious of an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safest to assume it's a scam — contact that business directly if necessary.” Being cautious could mean the difference between safety and a scam.
How to stay safe
Phishing is a very common tactic in which a scammer poses as a genuine representative of a company in order to trick you into giving them important private information. The scammer might send you an email stating that you need to claim a (fake) prize, or they might call you pretending to be from Apple support and ask you to give them your account password, for example.
Typically, social engineering scams rely on two things: trust and urgency. The scammer wants you to believe they are trustworthy so you feel comfortable giving them money or vital login details. On top of that, they want you to feel rushed so you don't have time to think about whether they are taking advantage of you.
With that in mind, Apple’s article contains information about what you can do to protect yourself and how you can report a scam attempt, whether successful or not. For example, Apple says that if an email isn’t sent from an address belonging to the company it claims to be from, it’s probably fraudulent. You can mark suspicious messages and calendar invites as spam, report fraudulent calls to the FTC, and block unwanted calls from your phone. Apple’s guide also provides a list of official Apple email addresses you can contact to report scams of various kinds.
If you think your Apple ID (or any other account) has been compromised, it's important to change your password as soon as possible to prevent scammers from gaining access to it. In addition, the Have I Been Pwned website allows you to enter your email address to check whether it has appeared in a known data breach, and can be used in conjunction with Apple's tips. Follow those tips and you'll have a better chance of staying safe and beating scammers.