Apple Gives Tips on Avoiding Phishing Scams Amid Warnings of New SMS Threat

Apple this month refreshed the security support document that provides iPhone, iPad, and Mac users with tips on how to recognize and avoid social engineering schemes like phishing messages and fake support calls.

iPhone 12 Security Feature
The updated information follows recent reports of "smishing" attacks targeting Apple IDs. Malicious actors have been sending out SMS text messages that attempt to get users to provide their Apple ID usernames and passwords on a fake iCloud website.

Apple's guidelines provide key information that all users should be aware of to protect themselves, such as a recommendation to ignore messages with suspicious links. Apple says that it will not ask for ‌Apple ID‌ passwords or verification codes, and users should contact Apple directly rather than answering a suspicious phone call or message claiming to be from Apple.

Further, Apple will not ask users to log into any website, to tap Accept in the two-factor authentication dialog, or to enter a two-factor code into a website. Apple will also not request that users disable features like two-factor authentication, Find My, or Stolen Device Protection. Apple's security tips:

  • Never share personal data or security information like passwords or security codes, and never agree to enter them into a webpage that someone directs you to.
  • Protect your ‌Apple ID‌. Use two-factor authentication, always keep your contact information secure and up to date, and never share your ‌Apple ID‌ password or verification codes with anyone. Apple never asks for this information to provide support.
  • Never use Apple Gift Cards to make payments to other people.
  • Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases.
  • Learn how to keep your Apple devices and data secure.
  • Download software only from sources you can trust.
  • Don't follow links or open or save attachments in suspicious or unsolicited messages.
  • Don't answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through official support channels.

Scammers will go to great lengths to get personal information, so Apple recommends watching out for tricks like creating a sense of urgency through scare tactics like stolen personal information or unauthorized charges. Scammers are after login information and security codes, so that information should not be entered on a website accessed through a link in a text or an email.

Apple also warns against downloading unrecognized, unsafe software and configuration profiles and following instructions on pop-ups. Users who receive a pop-up should ignore the message and close the entire window or tab.

Apple has further instructions on how to spot social engineering schemes, the forms those schemes can take, and how to report suspicious emails, messages, and phone calls. There is a separate support document on what to expect from Apple Support and the kinds of information Apple will not request.

Popular Stories

maxresdefault

Apple Releases iOS 18.4 With Priority Notifications, Ambient Music, New Emoji and More

Monday March 31, 2025 10:03 am PDT by
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
iOS 19 Mock WWDC25 Feature

iOS 19 Expected to Run on These iPhones

Monday March 31, 2025 5:28 pm PDT by
iOS 19 will not be available on the iPhone XR, iPhone XS, or the iPhone XS Max, according a private account on social media site X that has accurately provided information on device compatibility in the past. The iPhone XR, iPhone XS, and iPhone XS Max all have an A12 Bionic chip, so it looks like iOS 19 will discontinue support for that chip. All other iPhones that run iOS 18 are expected...
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods 4

Monday March 31, 2025 11:27 am PDT by
Apple today released new firmware updates for all AirPods 4 and AirPods Pro 2 models. The new firmware is version 7E93, up from the 7B21 firmware that was installed on the AirPods Pro 2 and the 7B20 firmware available on the AirPods 4 and AirPods 4 with ANC. It is not immediately clear what new features or changes are included in the new firmware, but we'll update this article should we find ...
top stories 2025 03 29

Top Stories: WWDC 2025 Announced, iPhone 17 Pro and iOS 19 Rumors, and More

Saturday March 29, 2025 6:00 am PDT by
Apple's big developer event is a little over two months away, and rumors about what we can expect to see in Apple's next major operating system updates are becoming increasingly frequent. A public release of iOS 18.4 is also imminent with a number of updates and improvements, although we won't be getting the major Apple Intelligence Siri upgrades that had reportedly been planned for this...
iOS 19 visionOS UI Elements

Apple Codename Provides Clue About iOS 19's Rumored New Design

Sunday March 30, 2025 6:40 am PDT by
Multiple sources have claimed that iOS 19 will introduce a new design with more translucent buttons, menus, notification banners, and more, and there is now another clue that points towards this glass-like appearance. Bloomberg's Mark Gurman today said the new design project is codenamed "Solarium" internally. A solarium is a room with glass walls that allow in plenty of sunlight, so this...
macOS Sequoia Feature

Apple Releases macOS Sequoia 15.4 With Mail Categorization and More

Monday March 31, 2025 10:04 am PDT by
Apple today released macOS Sequoia 15.4, the fourth major update to the macOS Sequoia operating system that launched in September. macOS Sequoia 15.4 comes two months after the launch of macOS Sequoia 15.3. Mac users can download the ‌‌macOS Sequoia‌‌ update through the Software Update section of System Settings. It is available for free on all Macs able to run macOS 15. With...
Magic Mouse Green

What to Expect From the Magic Mouse 3

Saturday March 29, 2025 10:15 am PDT by
Apple is reportedly working on a new Magic Mouse. Below, we recap what to expect. The two key rumors for the Magic Mouse 3 so far include a relocated charging port, along with a more ergonomic design. It was briefly rumored that the Magic Mouse 3 would also feature voice control, but that was misinterpreted information. Relocated Charging Port While the Magic Mouse switched from...

Top Rated Comments

Unity451 Avatar
10 months ago
"Smishing" is about the most un-menacing word I can think of. Beware of the Smishers! (by Dr. Seuss)
Score: 6 Votes (Like | Disagree)
JapanApple Avatar
10 months ago
“Download software only from sources you can trust”
these are words to live by
Score: 4 Votes (Like | Disagree)
kerr Avatar
10 months ago
Would be good if Apple could do their part.

iCloud, Apple TV+, software/rental purchases: email from no_reply@email.apple.com with Apple logo and blue verified checkmark. Great!

Hardware purchase: dodgy looking email from au_cons_do_not_reply@asia.apple.com, no evidence to suggest it's legitimate even though it is. Gmail understandably sends such emails to spam folder.
Score: 3 Votes (Like | Disagree)
Realityck Avatar
10 months ago
Took a week for this news to show up on most press/news services

original source July 2nd. (link was in the OP)
https://www.broadcom.com/support/security-center/protection-bulletin/apple-ids-targeted-in-us-smishing-campaign

Copy Link
Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple's strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cybercriminals.
These campaigns are mostly conducted via email although increasingly also through malicious SMS. A very recent case saw a threat actor distributing malicious SMS messages in the United States.
Observed malicious SMS:


* Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.

Typically, smishing actors restrict access to their malicious websites to users on mobile browsers and specific regions to evade detection by monitoring systems. However, in this instance, the malicious website is accessible from both desktop and mobile browsers. To add a layer of perceived legitimacy, they have implemented a CAPTCHA that users must complete. After this, users are directed to a webpage that mimics an outdated iCloud login template.
Score: 3 Votes (Like | Disagree)
now i see it Avatar
10 months ago
The scams always follow the same game plan. They’re easy to spot.

Always starts out with some sort of threat to create fear and anxiety.
In the past there were some that claimed you had come into tins of money.
Then -always- there’s a link that they provide to “fix” the problem or just a phone number.

Is it a Scam?
Threat or ridiculous + link = yes.
Easy.
Score: 3 Votes (Like | Disagree)
DavidMalcolm Avatar
10 months ago
Honestly, the lack of work done by large companies to cut down on scammers is a huge problem. The number of times I’ve talked to people who end up on a confusing scam website because they clicked on a Google ad for a major company that Google SHOULD have known wasn’t from that company and automatically blocked is staggering. Facebook is equally as guilty.

The fact that there haven’t been mandatory six month payout waits for in app purchases of gift card codes is nuts. The idea that Apple and Google are not required to refund people who buy these gift cards and give them to scammers is nuts to me.

Like how long has this been going on? There are easy steps that could have been put in place years ago that would have stopped these scammers from making tons of money to reinvest into their operations.

Even just a warning label in the back of all gift cards “these are gift cards, if someone over the phone asked you to purchase this and you did not buy this to use yourself or give to a friend and or family member, please return to a store for a refund with your receipt.”

The fact that phone companies aren’t legally required to provide any information about where a call is originating or how long that number has been assigned to that device is nuts. There’s so much that could be done automatically to prevent these scams, but it isn’t in the interest of stockholder value it’s in the interest of the good of society so nothing is done.
Score: 2 Votes (Like | Disagree)