iPhone Users Hit With Apple ID Expiration Scam
Apple users are getting phishing messages designed to trick them into handing over their Apple ID passwords and different pieces of personal information.
A text message phishing scam, disguised as a note sent by Apple Support, purposes to attract unsuspicious iPhone owners to share their usernames and passwords. The scam, which seems as a shady text message, is reportedly informing users that their Apple ID has expired and they will want to visit a fake website to receive a new one.
People hit by the scam generally receive an unwanted message which claims to come from Apple, advising them to immediately change their Apple ID password before it expires.
Victims are then directed to an unauthorized but legitimate-looking website like AppleIDLogin.co.uk, where they are requested to enter their username and password.
After that, they are told their account has been locked for "security reasons," and are directed to enter other personal information like address and credit card details, in order to "unlock" the account, according to security expert Graham Cluley.
Of course, the site is not genuine - it's all part of a phishing, designed to get users to hand over information which could be used by cybercriminals.
“As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be,” Apple states. “Many companies have policies that state they will never solicit such information from customers by email.”
Apple also notes that a typical phishing technique is to “include connections in an email that appear like they go to a legitimate website,” so users should take extra steps to verify whether or not the link is genuine.
Apple's phishing support page instructs users to "never send credit card information, or extensive personal information, account passwords, " to somebody, unless they have fully confirmed the senders are who they say they are.
The best protection against phishing attacks is to stay observant and ignore or delete any messages that look even somewhat suspicious. If a user is still in doubt, contact the actual company directly, and then they will be able to verify whether there're any real problems or not.