Apple users are being warned about a new SMS phishing scam that attempts to trick users into handing over access to their Apple ID credentials.
Users on social media first reported the scam earlier in April. The scam had initially only been targeting users in the United Kingdom , or those with phones on UK networks. However, a surge of similar reports have surfaced over the past 48 hours from users in the United States, Europe, Australia and Singapore, which are likely the result of copycat scammers.
Users have reported receiving a suspicious SMS which reads:
“The Apple ID associated with this number is due to be terminated. To prevent this, please confirm your details at supportatapple.com – Apple Inc.”
When a user clicks the link in the message they are taken to a website designed to mirror the look of the Apple login page, where they are then asked to input personal information such as date of birth, postal address and credit card details.
Users then receive a message saying their Apple ID has locked due to security reasons. However, the personal information that had just been submitted will already have been sent to the servers of the hackers responsible for the phishing scam, reports online security expert Graham Cluley.
Phishing is increasingly used by cybercriminals to obtain personal information via email or SMS. Commonly these messages or emails, at first glance, look like they are from legitimate sources, such as from banks or credit card companies, but instead are designed to trick unsuspecting users into clicking on a malicious link.
Moreover, the cybercriminals responsible for such scams are able to make the phishing emails or SMS seem even more realistic by presenting the potential victim with additional information, likely to be taken from social media accounts from sites like Facebook or LinkedIn.
While the majority of users are likely to know the potential dangers of clicking a suspicious link or opening an email attachment from an unfamiliar source, unsuspecting or perhaps less tech savvy users are not, and can often fall victim to such scams.
On its support website, Apple already warns users that they “should never enter Apple account information on any non-Apple website”, with all account related activity normally taking place in iTunes and not within a web browser.
Last year the FBI reported that more than 7,000 US companies had been the victim of phishing attempts by email which accounted for losses totaling more than $740 million.
Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one the UK’s leading watch and horology websites.