In a new wave of cyber attacks, hackers are targeting Apple accounts (Apple IDs) of iPhone and other electronic device users.
A security company based in California stated that cybercriminals are attempting to lure Apple product users into divulging personal account information and security credentials through malicious phishing attacks. Hackers may also use the stolen credentials to further steal sensitive information or install malicious software on users’ devices.
According to a warning notification released on July 2 on the website of Broadcom Inc., a company under Symantec, a leading U.S. cybersecurity company, with the popularity of Apple IDs, more and more people are becoming potential targets for hacker attacks.
The notification stated, “These account credentials are very valuable, and once obtained, can control mobile devices, access personal and financial information, and generate income through unauthorized purchases.”
“Moreover, the strong brand reputation of Apple makes users more likely to believe these deceptive messages seemingly coming from Apple, which emboldens cybercriminals.” Apple has not yet responded to a request for comment from New Tang Dynasty News regarding the situations mentioned in the notification.
Symantec stated in the notification that cybercriminals commonly use email for phishing attacks, but there is an increasing trend of sending malicious mobile text messages. In a recent phishing case discovered in the U.S., wrongdoers sent victims a fraudulent message disguised as being from Apple through text.
The content of this malicious text message read: “Apple has issued an important iCloud request, visit Signin[.]authen-connexion[.]info/iCloud to continue using your service.”
Once the malicious link in the message is clicked, users are directed to a webpage mimicking an outdated iCloud login template, prompting them to input their Apple ID information.
In order to make the phishing scam more convincing, perpetrators also added a human verification (CAPTCHA) step on the fake website.
Symantec pointed out that the fake website can be accessed through desktop or mobile browsers, which is uncommon in SMS phishing, “Usually, those conducting phishing will restrict mobile browser and specific region user access to their malicious websites to evade detection by monitoring systems.”
On July 4, Apple published guidelines on its support page, stating that scammers often claim to assist iPhone users in solving urgent issues.
“They may claim that someone has hacked into your iPhone or iCloud account, or used Apple Pay for unauthorized charges.” The guidelines stated, “Scammers will claim they can help you stop the account invader or reverse the charges.”
Apple also mentioned that scammers may urge iPhone users to disable security features such as two-factor authentication or device protections under the guise of helping prevent intrusion or regain account control, in reality undermining the security of iPhone users’ devices.
The company emphasized that they will never ask users to disable any security features on their phones or accounts.
Such types of fraud are not limited to Apple. To avoid falling victim to scams or identity theft, avoid opening suspicious emails or clicking unsafe links in unfamiliar emails; exercise extra caution when receiving calls or messages from strangers.