Back to Home

Attackers send phishing SMS messages on behalf of Apple / ESET NOD32 Blog

malware

Attackers send phishing SMS messages on behalf of Apple

    Phishing messages that cybercriminals use the SMS short text messaging service are not new. They find out the phone numbers of their potential victims and use the currently relevant topic to send messages on behalf of the selected company.


    Recently, we observed the distribution of messages on behalf of Apple, the purpose of which for attackers was to obtain confidential user data, namely logins and passwords from Apple ID accounts. The prevalence of devices and services from Apple makes the use of this topic for cybercriminals very relevant.

    Sent SMS messages contain a phishing link, as shown below.


    The text in the messages notifies the user that his Apple ID has expired or that the account has been temporarily frozen using the service’s security feature. In this case, the user is required to confirm his identity.

    One way or another, the scam’s goal is always the same - to lure the user to a fake Apple ID credential web page, which will then fall into the hands of attackers. To do this, he needs to follow the link from the text message. In some cases, attackers may also ask the user to enter credit card information and other personal information. As you can see in the screenshot below, attackers do not always focus on an English-speaking audience.


    Despite the fact that the number of users who follow the instructions of the attackers and follow the link is small, the benefit for the attackers can be more substantial, since after receiving the account credentials, they can gain access to the user's personal data.

    At the same time, cybercriminals are trying to develop new options for phishing attacks, improving their skills. For example, the following screenshot shows an example message in which attackers try to persuade a user to unsubscribe from future messages from Apple.


    The following example shows an iMessage messenger message sent to a user from Germany. It is alleged that a lost iPhone was discovered.


    Of course, clicking on the link from the message does not lead the user to a legitimate Apple website.

    The surest way to prevent such attacks on users is to inform them. Only informing can really help prevent a situation of compromising user credentials.

    Recently, the well-known comedian of British television Al Murray, who is well known for his role as Pub Landlord, used twitter to notify his 400,000 subscribers of a suspicious text message that he received. At the same time, he was asked to follow the link and enter his Apple ID credentials in the opened web page.


    The following instructions should be used after receiving such phishing emails.

    • Report the phishing URL as well as the content of the message on Google's Safe Browsing Team . If the URL really turns out to be phishing, Google Chrome and other web browsers will update this information to alert users later.
    • If possible, tell the number from which the phishing text message was sent to your mobile operator to block it later. Such a measure will help protect other users from fraud.
    • In no case do not respond to a phishing message and do not follow the link inside it.

    We recommend that users of Apple services use two-factor authentication as an additional way to protect their accounts. Thus, even if the attackers manage to get the password for the account, they will not be able to use it to steal data.

    Read Next