Security

Scam Texts Target Apple Users As Clocks Go Back

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

The latest phishing scam sends text messages directly to users’ smartphones

Criminals are targeting Apple users with a text message scam timed to coincide with the clock change in the UK, according to user reports.

One user posted iPhone screen-shots displaying the messages, which warn of the expiry of the user’s Apple ID, the account used to manage all Apple products.

‘Account expiry’

apple-phish

“Your Apple ID is die to expire today, please tap (url) to update and prevent loss of services and iCloud accounts,” the message reads.

The link leads to a sign-in page that closely resembles Apple’s own site login, according to screen shots posted by security researcher Graham Cluley.

The malicious site prompts users to enter their Apple ID username and password, then asks for further details including credit card information, personal identity details and passport numbers.

Cluley reported a similar SMS-based phishing scam targeting Apple users earlier this year. The earlier messages, which circulated in April, were made more convincing by employing the user’s real first name.

Apple targeted

“Perhaps you… wouldn’t fall for such shenanigans – but are you certain that there isn’t someone amongst your family and friends who wouldn’t be susceptible to a moment of muddied thinking, and click on the link without proper caution?” Cluley wrote.

He advised users to enable two-step authentication to help prevent unauthorised access to Apple ID accounts.

The popularity of Apple’s mobile devices has led to its platform being increasingly targeted by scammers.

Last week US authorities sentenced Pennsylvania man Ryan Collins, 36, to 18 months in federal prison for carrying out an email-based phishing scam that led to the 2014 leak of data from more than 600 accounts, including the publication of nude photos of celebrities.

Between November 2012 and September 2014 Collins sent phishing emails to targets that appeared to be from Apple or Google and which asked them to enter their usernames and passwords.

Collins accessed at least 50 Apple accounts and 72 Gmail accounts, according to authorities.

What do you know about the history of the Mac? Try our quiz!