Apple ID Phishing Scams: Code / Password Reset Email & Fake Security Alert Text

This article is from Trend Micro.

Recently a lot of people have reported that they’ve received texts and emails from Apple ID that contain verification codes, and ask them to change their passwords. Have you received anything similar and wondered what it is? Keep reading to get the low-down and find out how to protect your online security.

How Apple ID Password Reset Email Scams Work

Got a notification that you must reset your password (but have no idea why)? If you’re sure you haven’t requested it, it could be a sign of a data leak! Furthermore, your email address might be compromised. With it, scammers will attempt to log into your Apple ID by sending password reset requests (using the Forget Password service).

That is, the emails or text messages you receive are LEGITIMATE, generated automatically from the Apple system — due to the scammer’s actions. Remember, NEVER reveal the verification code to anyone. Scammers can also contact you, impersonating Apple support, and ask you to provide that code.

If you fall for it, scammers can gain fully access to your Apple ID and reset the password to block you out. What for? All the private data stored in iCloud. In our previous posts, victims exposed their seed phrase to MetaMask wallet and had all the crypto assets stolen!

Other Apple ID- related Scams

More commonly, scammers just pose as Apple and send you fake emails or text messages that contain phishing links to entice you. Using various excuses like a security alert, Apple ID lock, billing error, or whatever else works, they prompt you into clicking on the phishing link to fix the issue. Here are some examples.

“Apple ID Locked” Phishing Emails

Scammers tell you that you have to reactivate your Apple ID, and ask you to click on the attached link to verify your account:

Source: Reddit

The embedded button will take you to a fake Apple log-in page. If you enter your Apple ID credentials there, scammers can gain access to your Apple account and use it for identity theft! Below is another sample scam email:

Apple ID Phishing Text Messages

Besides emails, scammers also love to use text messages to contact you. Again, their goal is to prompt you to click on the attached phishing link:

• appie-id: we’ve noticed a discrepancy in your contact information, please update your information to avoid restrictions on your account. applesecured01[.]com
• apple id-support: your last payment failed, please update your payment information {URL}
  apple-id: has noticed a billing error, all features will be disabled until we receive a response. please visit {URL}.
• apple id: for your protection, your login has been automatically paused. please verify your identity today or your account will be disabled. {URL}

 As we’ve stressed several times, the page is a phishing site. Scammers can record any log-in information you submit. You already know what can happen next. Don’t fall for it!

Sample fake Apple ID login pages

How to Protect Yourself

Double-check senders’ email addresses or phone numbers, but also keep in mind that caller/sender IDs can be spoofed.
Never share any verification codes with anyone.
Don’t click on links or buttons from unknown sources. Use Trend Micro Check to surf the web safely.
 
Trend Micro Check is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

Check out this page for more information on Trend Micro Check.

• Disable iCloud backups for your sensitive data like crypto wallet log-in information. You can do it via Settings > Profile > iCloud > Manage Storage > Backups. Also, turn off automatic iCloud backups via Settings > Apple ID/iCloud > iCloud > iCloud Backup.
• Be smart with your personal information — scammers can use leaked information for phishing attempts. Add an extra layer of protection with Trend Micro ID Security to manage your online security and privacy with ease:
   
  Available on Android and iOS, ID Security can monitor the internet and the dark web for your personal data — 24/7! If your data is leaked, you’ll be the first to know!

• Dark Web Personal Data Manager: Scours the dark web for data such as bank account numbers and social security numbers.
• Credit Card Checker: Find out if someone has acquired your credit card number and put it on the dark web.
• Email Checker: Find out if any of your email addresses have been leaked to the dark web. You’ll be notified of the exact account.
• Password Checker: ID Security will notify you if your password is currently in circulation on the dark web.
• Social Media Account Checker: Find out if your Facebook and Twitter accounts have been breached and shared on the dark web.

Comprehensive Monitoring Report.

As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.

Source: pexels.com.