Getting people to hand over sensitive information is one way cybercriminals rip people off. Sometimes they do this through phishing attacks, and a new campaign targets iPhone and Apple Mac computer users.
Read on to learn how this phishing scheme works and what you can do about it.
Phishing attack targeting Apple users
iCloud is Apple’s cloud-based storage where you can safely store passwords, files and iPhone backups. It’s designed to be secure from intrusion, but some exceptions exist.
The most effective way to breach an iCloud account is for users to give up their usernames and passwords willingly. While nobody is foolish enough to provide their data to just anyone who asks, a new phishing attack tricks users into signing into a fake iCloud account with their legitimate credentials.
These kinds of attacks aren’t new, but fresh twists always arise. According to iDropNews, many have received emails claiming that their iCloud accounts are breached and that they must reset their passwords.
But the link in the email is fake, and it takes them to a phony website that looks legitimate. Once you enter your iCloud credentials, criminals quickly capture them. The login details let hackers access personal files and sensitive information.
There are a few versions of phishing scams targeting Apple users now. Another is when you receive an email supposedly from Apple letting you know that your iCloud storage is full. The email includes a link offering an additional 50GB of storage for free. But don’t believe it! It’s also a scam.
If you click the link in the email, you’ll be taken to a spoofed site asking for your credentials. If you enter them, you’re handing them over to criminals.
These are examples of tricky phishing scams. Fortunately, there are ways to avoid falling victim.
Don’t fall for these Apple iCloud phishing scams
Having a complex password is an excellent start to securing your digital life as criminals get savvier. Need help creating better passwords? That’s a great place to begin, but you must take further precautions to avoid phishing attacks like these.
Here are some ways to stay safe:
- Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
- Always use 2FA — Use two-factor authentication (2FA) for better security whenever available.
- Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
- Beware of phishing emails — Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
- Use strong, unique passwords — Utilize different passwords for every account. That way, if one account is breached, your password won’t put your other accounts at risk.
- Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices.