Apple Gives Tips on Avoiding Phishing Scams Amid Warnings of New SMS Threat

Apple this month refreshed the security support document that provides iPhone, iPad, and Mac users with tips on how to recognize and avoid social engineering schemes like phishing messages and fake support calls.

iPhone 12 Security Feature
The updated information follows recent reports of "smishing" attacks targeting Apple IDs. Malicious actors have been sending out SMS text messages that attempt to get users to provide their Apple ID usernames and passwords on a fake iCloud website.

Apple's guidelines provide key information that all users should be aware of to protect themselves, such as a recommendation to ignore messages with suspicious links. Apple says that it will not ask for ‌Apple ID‌ passwords or verification codes, and users should contact Apple directly rather than answering a suspicious phone call or message claiming to be from Apple.

Further, Apple will not ask users to log into any website, to tap Accept in the two-factor authentication dialog, or to enter a two-factor code into a website. Apple will also not request that users disable features like two-factor authentication, Find My, or Stolen Device Protection. Apple's security tips:

  • Never share personal data or security information like passwords or security codes, and never agree to enter them into a webpage that someone directs you to.
  • Protect your ‌Apple ID‌. Use two-factor authentication, always keep your contact information secure and up to date, and never share your ‌Apple ID‌ password or verification codes with anyone. Apple never asks for this information to provide support.
  • Never use Apple Gift Cards to make payments to other people.
  • Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases.
  • Learn how to keep your Apple devices and data secure.
  • Download software only from sources you can trust.
  • Don't follow links or open or save attachments in suspicious or unsolicited messages.
  • Don't answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through official support channels.

Scammers will go to great lengths to get personal information, so Apple recommends watching out for tricks like creating a sense of urgency through scare tactics like stolen personal information or unauthorized charges. Scammers are after login information and security codes, so that information should not be entered on a website accessed through a link in a text or an email.

Apple also warns against downloading unrecognized, unsafe software and configuration profiles and following instructions on pop-ups. Users who receive a pop-up should ignore the message and close the entire window or tab.

Apple has further instructions on how to spot social engineering schemes, the forms those schemes can take, and how to report suspicious emails, messages, and phone calls. There is a separate support document on what to expect from Apple Support and the kinds of information Apple will not request.

Popular Stories

2024 iPhone Boxes Feature

iPhones Could Cost Up to $2,300 in the U.S. Due to Tariffs, Analyst Says

Friday April 4, 2025 9:30 am PDT by
U.S. President Donald Trump on Wednesday announced that steep tariffs will be applied to imports from many countries, starting April 9. The tariffs could have a significant impact on Apple, as the company assembles the majority of iPhones in China, and products imported to the U.S. from China will be subject to a 54% tariff. iPhone prices could increase by up to 43% in the U.S. due to the...
iphone 16 pro colors 1

Is Now the Time to Upgrade Apple Devices Before Tariffs Lead to Price Increases?

Friday April 4, 2025 3:41 pm PDT by
If you have an older Apple device that you've been considering upgrading, you're probably wondering how the newly announced tariffs might impact prices going forward, and whether it's worth buying now before there's a price hike. Given analyst and economist responses to the tariffs, market panic, and Trump's stance on the current financial chaos, the answer is that making a purchase...
iOS 19 Mock WWDC25 Feature

iOS 19 Expected to Run on These iPhones

Monday March 31, 2025 5:28 pm PDT by
iOS 19 will not be available on the iPhone XR, iPhone XS, or the iPhone XS Max, according a private account on social media site X that has accurately provided information on device compatibility in the past. The iPhone XR, iPhone XS, and iPhone XS Max all have an A12 Bionic chip, so it looks like iOS 19 will discontinue support for that chip. All other iPhones that run iOS 18 are expected...
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro: New 48MP Telephoto Lens May Change How Zoom Works

Thursday April 3, 2025 5:11 am PDT by
Apple is reportedly planning a major upgrade to the Telephoto camera in the iPhone 17 Pro, and while it may seem like a step back on paper, the change could actually improve real-world usability, if one leaker's claims are anything to go by. According to Majin Bu, the iPhone 17 Pro will feature a new Telephoto lens with a 48MP sensor, up from the current 12MP sensor found in the iPhone 16...
iOS 18

12 New Things Your iPhone Can Do in iOS 18.4

Tuesday April 1, 2025 4:06 am PDT by
Apple has released iOS 18.4, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new things your ‌iPhone‌ ...
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...

Top Rated Comments

Unity451 Avatar
10 months ago
"Smishing" is about the most un-menacing word I can think of. Beware of the Smishers! (by Dr. Seuss)
Score: 6 Votes (Like | Disagree)
JapanApple Avatar
10 months ago
“Download software only from sources you can trust”
these are words to live by
Score: 4 Votes (Like | Disagree)
kerr Avatar
10 months ago
Would be good if Apple could do their part.

iCloud, Apple TV+, software/rental purchases: email from no_reply@email.apple.com with Apple logo and blue verified checkmark. Great!

Hardware purchase: dodgy looking email from au_cons_do_not_reply@asia.apple.com, no evidence to suggest it's legitimate even though it is. Gmail understandably sends such emails to spam folder.
Score: 3 Votes (Like | Disagree)
Realityck Avatar
10 months ago
Took a week for this news to show up on most press/news services

original source July 2nd. (link was in the OP)
https://www.broadcom.com/support/security-center/protection-bulletin/apple-ids-targeted-in-us-smishing-campaign

Copy Link
Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple's strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cybercriminals.
These campaigns are mostly conducted via email although increasingly also through malicious SMS. A very recent case saw a threat actor distributing malicious SMS messages in the United States.
Observed malicious SMS:


* Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.

Typically, smishing actors restrict access to their malicious websites to users on mobile browsers and specific regions to evade detection by monitoring systems. However, in this instance, the malicious website is accessible from both desktop and mobile browsers. To add a layer of perceived legitimacy, they have implemented a CAPTCHA that users must complete. After this, users are directed to a webpage that mimics an outdated iCloud login template.
Score: 3 Votes (Like | Disagree)
now i see it Avatar
10 months ago
The scams always follow the same game plan. They’re easy to spot.

Always starts out with some sort of threat to create fear and anxiety.
In the past there were some that claimed you had come into tins of money.
Then -always- there’s a link that they provide to “fix” the problem or just a phone number.

Is it a Scam?
Threat or ridiculous + link = yes.
Easy.
Score: 3 Votes (Like | Disagree)
DavidMalcolm Avatar
10 months ago
Honestly, the lack of work done by large companies to cut down on scammers is a huge problem. The number of times I’ve talked to people who end up on a confusing scam website because they clicked on a Google ad for a major company that Google SHOULD have known wasn’t from that company and automatically blocked is staggering. Facebook is equally as guilty.

The fact that there haven’t been mandatory six month payout waits for in app purchases of gift card codes is nuts. The idea that Apple and Google are not required to refund people who buy these gift cards and give them to scammers is nuts to me.

Like how long has this been going on? There are easy steps that could have been put in place years ago that would have stopped these scammers from making tons of money to reinvest into their operations.

Even just a warning label in the back of all gift cards “these are gift cards, if someone over the phone asked you to purchase this and you did not buy this to use yourself or give to a friend and or family member, please return to a store for a refund with your receipt.”

The fact that phone companies aren’t legally required to provide any information about where a call is originating or how long that number has been assigned to that device is nuts. There’s so much that could be done automatically to prevent these scams, but it isn’t in the interest of stockholder value it’s in the interest of the good of society so nothing is done.
Score: 2 Votes (Like | Disagree)