A recent cyberattack has targeted many Apple iPhone and iPad users. The attack, a textbook case of “smishing”, which is short for SMS phishing, involves sending fake text messages that appear to be from Apple.
Upon clicking the link, iPhone users are taken to a website that looks like an iCloud login page from Apple. But it’s not.
After entering their Apple ID and password, the information is sent to the attackers, who can then access your personal and financial information, and potentially take over your devices.
In some cases, the attacker will then send you to the real Apple website, hoping to trick you into thinking you simply entered your credentials incorrectly.
Apple said that users can protect themselves by enabling two-factor authentication on their Apple ID, and being wary of any unsolicited messages.
If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it’s safer to presume that it’s a scam — contact that company directly if you need to.
Apple said in a statement.
So far, there’s no evidence to suggest that the attackers have taken advantage of the data they’ve stolen, said Symantec, a California-based security firm that first reported about the cyberattack.
However, the cybersecurity company said that the smishing campaign is ongoing and that iPhone users are likely to be targeted in the days and weeks ahead.
Here’s a list of tips for avoiding smishing attacks:
• Don’t click on links in unsolicited text messages.
• Be skeptical of unsolicited messages that claim to be from a well-known brand or organization.
• Don’t provide sensitive information in response to unsolicited requests.
• Use two-factor authentication on your accounts.
• Install a mobile security app on your smartphone and keep it updated.
• Regularly backup your important data on your smartphone and other devices.
• Keep your device’s operating system and apps updated with the latest patches.
• Be cautious of messages that create a sense of urgency, as this is a common tactic used in smishing attacks.