True story: every time we run a post warning people of a new iMessage phishing scam that pops up, we get a bunch of feedback from readers via email. Some people thank us for the heads up, but others email to complain that these phishing scams are so obvious and no one actually falls for them so warnings are a waste of time. That notion is of course preposterous, and unsuspecting users fall victim to these scams all the time. That’s why these scams still exist, obviously.
Well, last time we covered one of these scams, we received a bunch of obligatory complaint emails like we always do. But then, just over a week later, one of the people who emailed us sent a follow-up. After telling us that we’re wasting our time with these warnings, his own wife fell victim to the very scam we warned people about. She lost access to her Apple ID account and had personal data stolen as a result.
Long story short, please take these warnings seriously and be sure to pass them on to all of your less savvy friends and family.
With that out of the way, it’s time to bring a fresh new iMessage scam to your attention. We received a handful of emails about this one over the past few days, and a recent thread on Reddit calls attention to the same scam. Like other phishing scams that have come before it, this one looks to steal Apple ID login credentials from unwitting iPhone users.
“Your AppleID is due to expire today,” the incoming text message reads. “Tap [URL removed] to update and prevent loss of services and Apps.”
There are several warning signs that this is a scam, and those warning signs are obvious to savvy users. We’re looking at a text message from a user labeled “iMessage,” AppleID is missing a space, the URL does not point to an Apple domain, and Apps is capitalized for some reason. Oh, and Apple IDs don’t ever expire, of course.
The problem is that while these things may be evident to you, they’re not evident to everyone. Older smartphone users in particular tend to fall victim to these scams more often than not. If you tap the link, you’re led to a page where you’re asked to enter your Apple ID login. Needless to say, anything entered into the site is then stolen by the perpetrators of the scam.
It’s easy to shrug off scams like this, but taking a few minutes now to warn your friends and family can save hours or even days of headaches down the road.
