The McAfee Labs blog is reporting that Intel Security Mobile Research has discovered a smishing operation that is targeting users' Apple IDs via SMS. Smishing is the same as phishing, but the term was coined to refer to SMS or text phishing rather than email phishing. The smishing SMS informs users they have been locked out of their Apple account and provides a link to a phishing site where the attackers can then steal the username and password. The SMS attempts to make you comfortable by appearing familiar, and the link takes you to a website that looks similar to Apple's.
Once users are on that webpage, the attackers attempt to scare them by telling them their accounts will be closed unless they take action. Once the link is clicked, users are presented with what looks like the Apple login page, where the actual theft of the credentials will take place.
Previous campaigns (no longer active) offered more specific messages about the suspension of an Apple account but always used the same email template (FRM, SUBJ, and MSG):
- SUBJ: New
- MSG: Your iTunes has been suspended until this process is completed <phishing_url>
Right now bit.ly says this smishing operation has only garnered around 1700 clicks, most of those in the United States. There have been other recent operations such as this one that have gotten thousands more clicks.
There are a few ways to protect yourself and your account. First, do not click, respond to or open emails or text messages that look suspicious or come from senders you don't trust. In this case the hackers were pretending to be the maker of the device, and who doesn't trust the maker of their device? It's important to note that most companies will not contact you in these manners. Always check email addresses and text numbers, look for shortened URLs and investigate before accepting a message as legitimate. A level of paranoia is a good thing to have, so long as it doesn't consume you.
Second, for crying out loud, turn on two-step verification! Whether it's Apple or Google, turning on two-step verification is going to help keep the bad guys out of your accounts. The bottom line is, if a hacker wants in someplace, they will get in; just don't make it easy for them. Most of these smishing and phishing operations are run by opportunists looking for easy targets, so turning on two-step will help. You can also change your Apple ID password if you feel you may have been compromised.
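For readers who filter messages on a gateway or help desk, here is the "check for shortened URLs and investigate" advice as a small Python check. It is an added example, not code from McAfee or Apple; the shortener list, keyword lists and sample messages are assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for illustration; extend them for real use.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}
BRAND_WORDS = ("apple", "itunes", "icloud")
BRAND_DOMAINS = ("apple.com", "icloud.com")
URGENCY = ("suspended", "locked", "closed", "verify", "expire")

# Links with a scheme, or bare "host/path" links as often typed in SMS.
URL_RE = re.compile(r"https?://\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}/\S*", re.I)


def _host(url):
    """Return the lowercase hostname of a link, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def _is_brand_host(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def score_sms(text):
    """List the reasons a message resembles the account-lock lure."""
    lower = text.lower()
    reasons = []
    mentions_brand = any(w in lower for w in BRAND_WORDS)
    if mentions_brand and any(w in lower for w in URGENCY):
        reasons.append("account-threat wording naming the brand")
    for match in URL_RE.finditer(text):
        host = _host(match.group(0))
        if host in SHORTENERS:
            reasons.append(f"shortened link hides destination: {host}")
        elif mentions_brand and not _is_brand_host(host):
            reasons.append(f"link host is not a brand domain: {host}")
    return reasons


if __name__ == "__main__":
    # Constructed sample: the MSG template above with a placeholder link.
    sample = ("Your iTunes has been suspended until this process "
              "is completed http://bit.ly/EXAMPLE")
    for reason in score_sms(sample):
        print(reason)
```

A message that trips these checks still needs a human look; a clean result does not prove a message is legitimate.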
Change your Apple ID password here.
Sign up for two-step verification here.
Source: McAfee