Cyberattack Targets iPhone an Apple IDs – Learn How to Avoid this Type of Scam
July 2024
As recently reported by national news outlets, there is a new cyberattack targeting iPhone users through a text message (SMS) and email phishing campaign, that tricks them into revealing their Apple ID credentials. The attack uses fake messages claiming to be from Apple and directs users to a fraudulent iCloud login page in an attempt to steal their username and password information.
If you suspect a message to be a phishing attempt, you can quickly report it using Outlook's "Report Phish" feature. If you are not using Outlook, or if you cannot determine if an email is legitimate or not, please forward the email to phish@miami.edu to notify the IT Security team.
How the Scam Works
Cybercriminals send fake text and email messages pretending to be from Apple. These messages urge you to click a link for an iCloud update or verification. The link directs you to a fake website designed to steal your Apple ID and password.
After clicking the link, you're taken to a fake iCloud login page and asked to enter your credentials. This gives cybercriminals access to your personal and financial information, as well as control over your devices.
Below are samples of this type of scam. (Note the strange email return address originating from a non-Apple account.)
View Larger Image
How to Protect Yourself from Apple Text and Email Scams
- Use Strong Antivirus Protection: This helps stop you from clicking malicious links or downloading harmful files that could steal your private information.
- Stay Skeptical: Scammers use urgent language to make you act quickly. Phrases like "act now" or "important" are red flags. Be cautious of any unexpected messages.
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of security to your Apple ID. Verify messages claiming to be from Apple by logging into your account directly through the official website or settings.
- Keep Software Updated: Regularly update your operating system, browsers, and antivirus software to protect against the latest threats.
What Should You Do If You've Been Hacked
If you ever fall victim for this type of scam, you can still take steps to protect yourself:
- Scan for Malware: Use a reputable antivirus program to scan your device.
- Change Passwords: Use another device to change passwords for all important accounts. Use strong, unique passwords and consider a password manager.
- Monitor Your Accounts: Regularly check for suspicious activity in your online accounts and credit reports.
- Use Identity Theft Protection: These services can track and alert you to suspicious use of your personal information.
- Contact Your Bank and Credit Card Companies: Inform your bank and credit card companies to freeze or cancel affected accounts.
- Alert Your Contacts: Warn your contacts about any suspicious messages from your compromised accounts.
- Factory Reset Your Device: Restore your device to factory settings to remove any malware. Remember to back up/save important data first.
We're Here to Help!
If you receive a suspicious looking email, click on Outlook's "Report Phish" button while the email is open. With a simple click, the suspicious email will be forwarded to the IT Security team for review, enabling them to respond quickly to threats. If you are not using Outlook, or if you cannot determine if an email is legitimate or not, please forward the email to phish@miami.edu to notify the IT Security team.
If you are ever a victim of phishing, e.g., you clicked a link, provided login information via a fraudulent site, and/or downloaded an attachment from a suspicious source, please contact the IT Security team at infosec@miami.edu.
