It’s important to be cautious of suspicious texts and emails you receive from unknown senders, but threat actors are always finding new ways to trick victims. For instance, Broadcom recently warned about a new smishing (a combination of “SMS” and “phishing”) campaign by hackers targeting iPhone owners in an attempt to steal their Apple IDs.
As Broadcom explains, smishing attacks are usually conducted via email, but hackers also use malicious text messages to snatch credentials. One recent campaign involves hackers sending texts posing as Apple customer service, telling users that they need to log in to continue using their Apple IDs, and including a link to a malicious website.
Here’s what one of the malicious SMS messages looked like: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.”
That’s clearly not an official Apple website, but if you weren’t paying attention, you might tap it anyway just to make sure nothing was wrong with your iCloud. If you were to click through, you would find a seemingly genuine website that even features a CAPTCHA to add legitimacy. After that, users are sent to a webpage that looks like an outdated iCloud login template.
Hopefully, at some point in the process, you will have realized your mistake, but if not, you could end up serving up your Apple ID details to hackers on a silver platter.
Apple is rarely, if ever, going to ask you to confirm your login details via text message. Always be wary when you unexpectedly receive a text from an unfamiliar source, especially if the message includes a link, a phone number, or any urgent directions.