Apple has sent a warning to all 1.46 billion users of Apple devices worldwide after tech experts spotted a cyberattack targeting Apple IDs.
Experts explained that hackers are using SMS phishing campaigns that send messages claiming to be from Apple. The messages then encourage users to visit a link to an "important request" about iCloud.
Symantec, a California-based security firm, uncovered the attack in July. The firm explained that the links lead to fake websites that tell users to input their Apple ID information.
Apple has established guidelines for similar attacks, urging iPhone owners to activate two-factor authentication (2FA) that requires a password and a six-digit verification code to access their account from an outside device.
On its website, Symantec advised that Apple credentials are "highly valued" among hackers because they prove "control over devices, access to personal and financial information, and potential revenue through unauthorized purchases."
Symantec explained that Apple's strong brand reputation makes users more prone to trusting deceptive communications pretending to be from Apple. It also makes Apple customers attractive targets to cyber criminals.
The warning was released on July 2, and it said that a malicious SMS being sent contained the following text:
"Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services."
Symantec added that the hackers added a CAPTCHA to the fake website to make it seem more legitimate to their targets. Once completed, the website will redirect users to an outdated iCloud login template.
On its support page, Apple cautioned that scammers may ask iPhone users to disable features like 2FA or Stolen Device Protection because it can help "stop an attack or to allow you to regain control of your account." In reality, disabling these features will instead lower your security so they can carry out their own attack.
The company warned that Apple will never ask users to disable security features on their devices or their accounts. (Related: Cyberattack disrupts operations in hospitals and clinics operated by Prospect Medical Holdings.)
Human knowledge is under attack! Governments and powerful corporations are using censorship to wipe out humanity's knowledge base about nutrition, herbs, self-reliance, natural immunity, food production, preparedness and much more. We are preserving human knowledge using AI technology while building the infrastructure of human freedom. Speak freely without censorship at the new decentralized, blockchain-power Brighteon.io. Explore our free, downloadable generative AI tools at Brighteon.AI. Support our efforts to build the infrastructure of human freedom by shopping at HealthRangerStore.com, featuring lab-tested, certified organic, non-GMO foods and nutritional solutions.
If you're not sure what to look for, there are some effective ways to identify fraud, such as checking the link in the text. Even if the message seems legitimate, the URL will not match Apple's website.
The company also cautioned users that hackers will often send texts that look significantly different from the company's standard text messages.
Scam also targets customers from other companies like Amazon and Netflix
Apple isn't the only company being targeted by cybercriminals. Other scams where hackers impersonate companies have many users reporting text messages claiming to be from Amazon, Netflix and other well-known companies.
The fake messages will claim that an account is frozen or credit cards have expired. The texts will then prompt account holders to click a link that asks for personal or bank account information.
The Federal Trade Commission (FTC) has warned that if you receive a text message that you weren't expecting and it asks you to give out your personal or financial information, don't click on suspicious links.
"Legitimate companies won't ask for information about your account by text," warned the agency. The FTC also said that if you think the message might be real, you can confirm by contacting the company "using a phone number or website that you know is real."
Visit Deception.news to read more stories about other cyberattacks in the United States.
Watch the video below to learn more about phishing emails.
This video is from the SecPoint channel on Brighteon.com.
More related stories:
Massive cyberattack hits U.S. Big Pharma leaving tens of thousands of prescriptions unfilled.
Global cybercrime kingpin BUSTED in crackdown involving multiple law enforcement agencies.
Polish government claims two Russian groups actively engaging in cyberattacks against Poland.
Sources include:
Please contact us for more information.
