Beware of Phishing Attempts- Apple Users’ Version!
Lately, Apple users across 92 countries have received the biggest shock of their lives in their email and iPhone inboxes! Apple contacted them regarding a “mercenary spyware attack.” To make it more ominous, the users would get to see a “Threat notification” if they logged into their Apple ID.
The message emphasized the gravity of the warning and urged the users to be serious about the threat. Apple did not share any further details to prevent the mercenary spyware from developing a security evasion tactic.
Notably, the emails and messages sent by Apple did not contain any links.
This is where you need to be careful enough if you wish not to fall prey to cyber attacks such as phishing.
How Do You Know If The Apple Message You Got is Legitimate or Not?
This is something every Apple user must be aware of.
Apple has this support document that clearly mentions that all the emails and images that it sends out will carry no link at all. Also, these messages direct users to log in with their Apple ID right away. Once the users log into their Apple ID and click on the View Details link, they get directed to another page where they get to learn about the potential threat.
Also, the emails and messages are sent only to the email IDs and phone numbers that are associated with the receiver’s Apple ID.
If you ever come across an email or imessage from Apple mentioning a mercenary spyware attack with a link attached to it, know that it is a scam! Delete the email/message ASAP.
Phishing Scams Conducted By Threat Actors By Mimicking Apple!
Apple is a luxury brand, incredibly popular among those who wish to flaunt their opulent social stature. However, this is the reason why more and more threat actors impersonate the tech giant.
One of the most popular tricks played by phishing actors is to send out emails to Apple users regarding any Apple purchase that you don’t recognize. Such emails come with attached malicious links. They try to persuade you to click on the link to check your purchase history.
In that case, come out of that email and check your actual purchase history to verify whether or not you have bought something accidentally. Even if you have bought something accidentally, you can easily get a resolution by reporting the issue in the “Report a problem” section.
Another trick used by threat actors is to send out iCloud storage warning emails. During the Q4 2023, rounds of emails got circulated online claiming that the iCloud storage was full for some to the users. The spammy email claimed to offer a “free iCloud storage upgrade” for the users. The email urged the recipients to click on the malicious link attached.
What Do You Do If You Receive a Fraudulent Email?
First of all, if you receive an email from Apple which you think is fraudulent, straightaway mark it as spam.
Next, follow the step-by-step details to report the spammy email to the concerned authorities:
- Forward the entire email with all the headers.
- You can report the email to reportphishing@apwg.org and reportphishing@apple.com
How Likely It Is For Apple to Send a Text Message to Its Users?
It is quite rare for Apple to send out text messages to its users on the Messages app. Even if it does, Apple relies on the two-factor authentication method to send text messages to the recipients. There is no possibility that Apple will send out plain text messages to users.
2FA example using a mobile device
Image sourced from imperva.com
Also, whenever you get any message from Apple, it will always show the Verified Badge beside the Apple notification.
In case you get text messages that claim to be from Apple but don’t have any Verification Badge with it, ignore the text and delete it right away.
Avoid clicking on any link that might have been sent with the text message.
Does Apple Call Its Users?
Apple does NOT call the users until and unless you initiate the call for a tech support issue. Basically, when you connect with AppleCare, you get an option to receive a call back from their customer support executives.
However, if you start receiving multiple notifications asking you to give approval to a password reset, then it can be a case of MFA Bombing or Multi Factor Authentication bombing. The ultimate goal of the threat actors is to make you hit the “Allow” button accidentally. After that you may receive a call from a fake caller, posing to be an Apple support executive. The end goal is to reset your Apple ID password in all this confusion and chaos.
Every Apple user must be well-versed in all the tactics deployed by threat actors so that these scammers can never succeed in breaking into their banks by impersonating Apple.
Get in touch with DMARCReport for any inquiries related to email security.