Apple users are being warned to be alert to smishing texts – the name given to phishing attacks carried out by sending SMS messages – trying to capture login credentials for Apple IDs.
The links direct to a fake iCloud page, and for 9to5Mac readers this is really one to warn your friends about …
There are a several pretty clear red flags for those in the know, but less tech-savvy users could still be fooled.
First, Apple doesn’t typically send iCloud messages via text. Second, the link in the texts is to a random domain (authen-connexion) with an /icloud directory simply added at the end. Finally, there’s a CAPTCHA to complete in order to login to the fake page. Apple, of course, doesn’t use these, as a 6-digit 2FA code is sent to one of your devices to authenticate the login.
Macworld reports that the malware targets both Macs and iPhones.
As always, our advice is to treat all links arriving via email or text as suspect. The safest approach is to only ever login to services using your own bookmarks, or by typing a known URL yourself.
FTC: We use income earning auto affiliate links. More.
Comments