People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires.
Victims are then directed to an unoffical but legitimate-looking website like AppleIDLogin.co.uk, where they are asked to input their username and password.
Anyone else received one of these Apple ID texts? Is it all above board or is it some kind of phishing scam?
After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.
Of course, the site isn't genuine - it's all part of an elaborate phishing attack, designed to get users to hand over information which could be used by cybercriminals.
Many security-savvy people wouldn't be taken in by such a scheme, but the scammers have taken some measures to appear as real as possible, by using the recipient's real name in the text message and making their name appear in targets' phones as 'AppleInc'.
A number of Apple users appear to have been hit with the scam messages recently
There have been previous reports of this scam being carried out over emailbefore, but it appears to have reared its head once again.
Apple's phishing support page advises users to "never send credit card information, account passwords, or extensive personal information" to someone, unless they've fully verified the senders are who they say they are.
By carefully reading suspicious emails or texts and thinking critically about the message's claims, it should be easy to avoid such scams.
It also pays to look closely at the address bar of a website - if it's a genuine Apple site, 'Apple Inc', sometimes alongside a padlock, will appear in green on one side, depending on which browser you use.
It also helps to look at the URL itself - official Apple websites, like AppleID.Apple.com usually contain the company's actual domain. If you see something like AppleExpired.co.uk or AppleIDLogin.co.uk, you know something's amiss.
As usual, the best defence against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you're still in doubt, contact the actual company directly, and they'll be able to verify whether there's any real problems or not.
No comments:
Post a Comment