Recently, Apple device users began to report something concerning: they have become victims of a new Apple ID phishing scam that is focused on gaining access to their Apple accounts. These people got a text message that says their Apple ID is expiring, and it asks the user to click a link. This isn’t an entirely new threat, however – cyber criminals have been trying to get your Apple ID using various techniques for a while now.
To determine if any message is a scam, you should look for anything odd, like a misspelled word, or any request that may mean you’ll lose something, win something, or any request from someone wanting “personal” information. Really, you should assume that any text message that you receive from an unrecognized number is unsafe. If you think a text is suspicious, but feel it requires your action and attention, go directly to the company’s website, get the telephone number, and give them a call to verify the legitimacy of the request.
This Apple ID phishing scam is particularly insidious due to how real it seems and how easy it would be to give up your credentials. Take a look:
As you can see in the above image, it’s not easy to spot a fake Apple ID request. Know that the fake popup will only occur when you click a link in a text. But, it’s always a possibility that your iMessage account needs authentication if you have signed out. So, what do you do? How can you avoid falling victim to this hard-to-spot Apple ID phishing scam?
First, take a breath and slow down. Instead of haphazardly filling out your credentials each time you see a request for your password, make sure that this request is legitimate. To do this, touch your iPhone or iPad’s home button and head directly to the settings screen where your login credentials for iTunes, iMesssage, and Facetime are usually stored. When entering each setting, if your account needs re-authentication, this is where a pop-up will happen.
It’s also important to note that your Apple ID does not expire. Even if you don’t remember your username or password, or you haven’t used it in a decade, your Apple ID is active. Any attempt to gather your login credentials claiming that they’re necessary to reset your Apple ID because it has expired is likely a scam.
How To Report Apple ID Phishing Scam Attempts
You might want to take a screen shot of the phishing attempt and email it to firstname.lastname@example.org. You can also choose the “Report Junk” option if you get an iMessage from a person who is not your contacts. This also forwards the information to Apple.
If the the scam seems to come through as an SMS message (green), and not an iMessage (blue) then, if you are so inclined to report it, you’ll need to browse to the FTC’s website to help you report this. Some of the major mobile phone providers also allow you to forward the message to 7726 (SPAM). These include T-Mobile, Bell, Sprint, Verizon, and AT&T.
And remember, if you’re not already using two-factor authentication, you should start using it today. Two-factor authentication will prevent most “authentication” type phishing scams, and can save you a lot of hassle.