NEW PHISHING CAMPAIGN SENDS TEXTS ASKING FOR APPLE ACCOUNT DETAILS
Security researchers have detected a new phishing campaign targeting Apple users via text message to steal their login credentials.
According to experts from Intel Security, the messages tell victims their Apple accounts have been temporarily suspended and give them a bit.ly link to follow to rectify this.
The link leads them to a fake Apple website that asks them to supply their account details to verify their identities, but the details are simply sent to the cyber criminals behind the campaign.
Statistics on various bit.ly links used show they have been clicked more than 7,500 times in total, with most of their victims residing in the United States.
“Most of the time cyber criminals do not need advanced exploits and attacks to gain unauthorised access to systems or accounts,” wrote McAfee mobile malware researcher Carlos Castillo in a blog post. “A phishing website and message can be enough to obtain credentials from victims and get full access to accounts.
“How can you protect yourself from this type of attack? In general be suspicious of any unwanted SMS messages from unknown numbers and think before you click. Do some research and save yourself a lot of grief.”
Although the phishing campaign may trick some of its recipients, more vigilant users will notice the telltale signs of a scam on the web page behind the links, including a non-Apple URL, some odd font and text size choices and bright red text that mentions “receiving this email in the Spam folder” despite the fact it is a web page.
The initial text messages also have a distinct format, organising themselves with “FRM”, “SUBJ” and “MSG” fields within the body of the message.
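The traits described above (header-style fields inside the message body, a bit.ly link, a non-Apple destination and the account-suspension wording) can be combined into a simple triage check. This is an added example, not code from Intel Security or McAfee; the "NAME:" layout of the fields, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the article names the fields but not their layout; "NAME:" is assumed.
FIELD_RES = [re.compile(rf"\b{name}\s*:", re.I) for name in ("FRM", "SUBJ", "MSG")]
# Bare or schemed host names, skipping the domain part of e-mail addresses.
URL_RE = re.compile(r"(?<![@\w.-])(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
SHORTENERS = {"bit.ly"}  # the only shortener named in the article
BRAND_RE = re.compile(r"\bapple\b", re.I)
LURE_RE = re.compile(r"\bsuspend", re.I)


def is_apple_host(host: str) -> bool:
    """True only for apple.com and its subdomains, not for lookalike prefixes."""
    host = host.lower().rstrip(".")
    return host == "apple.com" or host.endswith(".apple.com")


def triage_sms(body: str) -> dict:
    """Score one SMS body against the four traits reported for this campaign."""
    hosts = [m.group(1).lower() for m in URL_RE.finditer(body)]
    findings = {
        # E-mail style header fields do not belong inside an SMS body.
        "header_fields_in_body": all(rx.search(body) for rx in FIELD_RES),
        # A shortener hides the real destination from the recipient.
        "shortened_link": any(h in SHORTENERS for h in hosts),
        # Any link that is not on apple.com in a message that claims to be Apple.
        "non_apple_link": any(not is_apple_host(h) for h in hosts),
        # Brand name combined with the account-suspension pretext.
        "suspension_lure": bool(BRAND_RE.search(body) and LURE_RE.search(body)),
    }
    findings["score"] = sum(findings.values())
    return findings


# Constructed sample messages (not taken from the campaign).
SAMPLE_LURE = ("FRM:Apple SUBJ:Account Notice MSG:Your Apple ID has been "
               "temporarily suspended. Verify at http://bit.ly/EXAMPLE")
SAMPLE_BENIGN = "Your Apple ID verification code is 123456. Do not share it."
SAMPLE_OFFICIAL = "Your order has shipped. Track it at https://www.apple.com/shop/order"

if __name__ == "__main__":
    for text in (SAMPLE_LURE, SAMPLE_BENIGN, SAMPLE_OFFICIAL):
        print(triage_sms(text)["score"], text[:40])
```

A score is a prompt for closer inspection, not a verdict: a legitimate message can contain a shortened link, and a lure can omit any one of these traits.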
Last week iOS users were advised to update their devices after a flaw in the way Apple’s operating systems processed images left them vulnerable to malicious code.