New 'smishing' attack may target your iPhone, Apple ID: What to know
(NEXSTAR) — It seems that as long as technology has been a part of our daily lives, there have been scams targeting our devices and accounts. That includes everything from romance scams to scammers texting you photos of wine bottles.
The latest attack appears to be targeting Apple users, according to multiple reports.
More specifically, hackers behind the 'smishing' attempt — the term often used for phishing attacks sent via text messages — seem to be trying to get your Apple ID login, Macworld and 9to5Mac have reported.
According to both outlets, Apple users have been receiving messages purportedly from service representatives that contain a website link. Clicking on that link takes users to what appears to be a login site for iCloud that even contains a CAPTCHA, which could give "the user a sense of legitimacy," Macworld explains.
In a protection bulletin issued last week, Symantec, a security software suite, shared an example of a malicious text message sent as part of the smishing attempt: "Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services."
The company noted that some Apple users are receiving the message by email as well. It's unclear how many Apple users may have gotten the message.
Regardless of whether it comes as a text or email, there are multiple give-aways that this message is sent by a bad actor.
Most notably, if you aren't working with Apple support, the message is likely a scam, as the company does not usually send iCloud messages over text. Also, notice the link: as 9to5Mac notes, 'authen-connexion' is a random domain, and iCloud already has its own official website.
Apple also does not use CAPTCHA for logging in. Instead, you likely receive a code via text or use Face or Touch ID to log in.
"Typically [scammers] will send you to a fake website that looks like a real Apple sign-in page and insist that you verify your identity," Apple explains. "Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website."
Further still, Apple says it will never ask for your Apple ID in order to provide support.
"Never share personal data or security information like passwords or security codes, and never agree to enter them into a webpage that someone directs you to," the company adds.
If you receive an email claiming to be Apple that seems suspicious, Apple asks that you forward it to reportphishing@apple.com. If you receive a text instead, Apple recommends sending a screenshot of it to the same email.
"If you're suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safer to presume that it's a scam — contact that company directly if you need to," Apple says.