Attention iPhone users: A new SMS attack could steal your Apple ID credentials
A recent report by Broadcom warns of a phishing attack targeting Apple users. In the attack, a user receives an SMS message or email from a source claiming to be an Apple service representative. The message provides a link to a website posing as iCloud.com and also displays a CAPTCHA that the user needs to complete, giving the user a sense of legitimacy. Once logged in, the user is shown an old iCloud webpage.
According to Broadcom, “smishing” attacks (phishing attacks done via SMS rather than email) like this one usually target mobile browsers and select regions to avoid detection. However, this attack seems to be executed on both Macs and iPhones. Broadcom states that a recent smishing message read as follows:
Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.
How to protect yourself from phishing attacks
Broadcom specifically recommends its own Symantec Endpoint Protection Mobile to protect yourself from phishing attacks. Other security software suites may provide protection if they offer the ability to analyze links in SMS messages. Macworld has a set of tips you can use to avoid phishing attacks. Before clicking a link, always check its URL. An official Apple iCloud correspondence (which would likely never come via text) will have Apple.com or iCloud.com in the address.
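The address check described above, as an added example (not from Macworld or Broadcom): a Python check that pulls the links out of a message and compares each link's host name, rather than the whole URL, with the two domains the article names. The function names are assumptions made for illustration, and the sample input is the message quoted above.

```python
import re
from urllib.parse import urlsplit

# Assumption: the two domains the article names as genuine.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")

# Constructed input: the message quoted in the article, kept defanged.
SAMPLE_SMS = ("Apple important request iCloud: Visit "
              "signin[.]authen-connexion[.]info/icloud "
              "to continue using your services.")

def host_of(link):
    """Return the lower-cased host a link really points at, or ''."""
    if "://" not in link:
        link = "https://" + link          # SMS links often omit the scheme
    try:
        # .hostname drops any "user@" prefix, port and path
        host = (urlsplit(link).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""
    # Require a dotted name ending in an alphabetic top-level domain
    return host if re.search(r"\.[a-z]{2,}$", host) else ""

def is_official(host):
    """True only for an official domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_sms(text):
    """Return (host, is_official) for every link found in a message."""
    results = []
    for token in text.replace("[.]", ".").split():   # refang for parsing only
        host = host_of(token.strip(".,;:!?()<>\"'"))
        if host:
            results.append((host, is_official(host)))
    return results

if __name__ == "__main__":
    for host, ok in check_sms(SAMPLE_SMS):
        print(host, "official" if ok else "NOT an Apple domain")
```

The word "icloud" appears only in the path of the quoted link, so a search for "icloud" anywhere in the address would pass it, while the host comparison does not.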
Of note in this attack is the use of CAPTCHAs–Apple doesn’t use these to secure its logins. When logging into iCloud.com, a security check is done with Touch ID or Face ID. In other situations, Apple will ask for a six-digit numeric code that is sent to your device. A CAPTCHA often displays a series of characters in a stylistic way–one or two letters appear curvy while the others are straight, for example–and the user has to type the characters correctly in a box before getting full access to the site. Apple also doesn’t use those security “puzzles” where the user has to pick a certain type of picture from a bigger set of pictures.
No device is completely invulnerable. It’s a good idea to install the latest version of iOS that a device can support in order to ensure that the latest security patches are installed. Learn more about iPhone malware and viruses. We also have tips on how to protect your phone from hackers.