Attention iPhone Users, A New Security Attack Is Targeting Your Apple ID

apple smishing campaign hero
Security firm Symantec has posted a bulletin about a smishing (SMS phishing) campaign currently targeting Apple users in the United States. The end of goal for these threat actors is to take over a user’s Apple ID, which provides them access to an individual’s personal information, financial information, and potentially control of their devices.

The attack starts when a user receives an SMS message claiming to be from Apple, which asks the user to visit a link in order to complete an important iCloud request. This request claims it must be completed in order to continue using the service, which adds the notion of urgency to the request. To make this attack as convincing as possible, the threat actors added a CAPTCHA that needs to be solved. A victim is then moved on to a login page that mimics a design used in the past by Apple’s iCloud service.

apple smishing campaign body

This appears to be a broad reaching campaign, as Symantec notes the malicious website deployed by the attackers works on both mobile and desktop browsers. Threat actors will usually try to remain under the radar from security researchers by limiting what region or type of device their malicious websites will function on.

Whether using Apple devices or not, users need to be weary of any SMS messages containing links. Threat actors are incorporating this form of communication more often, alongside e-mail, as a way to phish victims. It’s always a better option to visit the official webpage of a company or service provider directly to check if any action is needed.

Hopefully, mobile providers can come up with solutions to combat these kinds of attacks, especially if a threat actor is sending bulk messages. However, it will always be up to a user to be on their toes to keep themselves secure online.