- Enable two-factor authentication immediately
- Beware of phishing emails, spoofing calls
- Verify sender’s info before responding
- Report scam calls to authorities promptly
Following a cyberattack that targeted over a billion iPhones last week, Apple has issued fresh advice to iPhone owners on how to protect themselves.
The company advised consumers that hackers are employing social engineering tactics, such as impersonating company staff, to gain access to personal information such as sign-in credentials, security codes, and financial data.
Keep an eye out for phishing emails that lure users into giving personal information or handing over money, fraudulent pop-up advertising, false promotions, uninvited calendar invitations, and fake phone calls.
As a first step, iPhone users should enable two-factor authentication, which requires a password and a six-digit verification number to access their account from another device.
Apple warns consumers to be wary of spoofed calls that appear to come from a legitimate phone number but are actually from a bad actor attempting to steal their data.
They may attempt to establish rapport and earn your trust by disclosing personal information about your account, such as your home address, place of employment, or even your social security number.
The fraudster will most likely claim that the account is in trouble and that someone made unauthorized charges with Apple Pay, making the matter urgent so that the user feels compelled to handle it immediately.
‘Spoofing calls are typically used to create a strong sense of urgency, which prevents you from giving yourself time to deliberate and discourages you from calling Apple directly,’ Apple cautioned.
‘For example, the fraudster may claim that you are free to call Apple back, but the fraudulent operations will continue, and you will be held guilty. This is bogus and intended to deter you from hanging up.’
Apple’s support page states that scammers may ask iPhone users to turn off features such as two-factor authentication or Stolen Device Protection.
‘They will claim that this is necessary to prevent an attack or to allow you to restore control of your account,’ the tech behemoth stated.
‘However, they’re attempting to deceive you into decreasing your security to launch their attack.’
The organization stated that there are ways to recognize bogus emails and messages and avoid being duped into disclosing personal information.
First, consumers should check the sender’s email or phone number to see if it matches the company’s name and whether the email address they used to contact you differs from the one on their account.
Other checks include whether the URL link they supplied matches Apple’s website, whether the message differs from previous ones you’ve received from the company, and whether it seeks personal information such as your account password or credit card number.
If a user receives a questionable call, they should hang up immediately and call Apple to confirm the warning they received. Alternatively, they can report scam phone calls to the US Federal Trade Commission or local law enforcement agencies.
Apple’s warning comes only a week after hackers used SMS phishing campaigns to send iPhone customers false messages instructing them to follow a link to a ‘critical request’ concerning iCloud.
Last month, the California-based security firm Symantec detected the hack and warned users that the links lead to bogus websites that ask for their Apple ID credentials.
The firm issued the alert on July 2, stating that it spotted a malicious SMS that read: ‘Apple important request iCloud: To continue using your services, please visit signin[.]authen-connexion[.]info/iCloud.’
According to Symantec, the hackers added a CAPTCHA to the bogus website to make it appear legitimate. When the CAPTCHA was completed, users were directed to an out-of-date iCloud login template.
‘Phishing actors continue to target Apple IDs because they are widely used and provide access to a large pool of potential victims,’ Symantec stated in a notice last week.
‘These credentials are highly coveted because they provide control over devices, access to personal and financial information, and the opportunity for revenue from unlawful purchases.’
Apple stated that its support agents would never direct consumers to a website link to sign in or request the device’s password or two-factor authentication code.
‘If someone purporting to be from Apple asks you for any of the above, they are a fraudster conducting a social engineering attack. Hang up the phone or end communication with them,’ Apple stated.