Urgent warning to all iPhone users after new cyberattack targets 1.4 billion Apple devices – here’s how to protect yourself

An urgent warning has been issued to all 1.46 billion iPhone users after tech experts discovered a new cyberattack targeting Apple IDs.

Bad actors are using SMS phishing campaigns that send messages pretending to be from Apple, prompting users to visit a link to an “important request” regarding iCloud.

California-based security firm Symantec discovered the attack this month, warning that the links lead to fake websites that urge users to provide their Apple credentials.

Apple has established guidelines for such an attack, urging iPhone owners to use two-factor authentication that requires a password and a six-digit verification code to access their account from an outside device.

“These credentials are highly valued because they allow control of devices, access to personal and financial information, and potential revenue generation through unauthorized purchases,” Symantec said on its website.

Click here to resize this module

“Additionally, Apple’s strong brand reputation makes users more likely to trust deceptive communications that appear to come from Apple, further increasing the attractiveness of these targets to cybercriminals.”

The company issued the warning on July 2, saying it had observed a malicious SMS message circulating that read: “Important Apple iCloud request: Visit signin(.)authen-login(.)info/icloud to continue using your services.”

Symantec discovered that the hackers added a CAPTCHA to the fake website to make it appear legitimate.

Once completed, users are redirected to an outdated iCloud login model.

Apple said on its support page that scammers may also ask iPhone users to turn off features like two-factor authentication or device theft protection.

“They will claim this is necessary to help stop an attack or to allow you to regain control of your account,” the tech giant shared.

“However, they are trying to trap you by reducing your security so that they can carry out their own attack.

“Apple will never ask you to turn off a security feature on your device or account.”

There are ways to identify fraud, and the in-text link is a perfect example.

Even though the message may appear credible, the URL will not match Apple’s website.

The tech giant also said that hackers typically send texts that appear very different from the company’s norm.

The scams aren’t limited to Apple impersonation, as many users have reported text messages pretending to be from Netflix, Amazon, and other well-known companies.

These fake messages claimed that users’ accounts were frozen or that their credit cards had expired, prompting them to click on a link asking for personal or bank account information.

“If you receive an unexpected text message asking you to provide personal or financial information, do not click on any links,” the Federal Trade Commission warned.

“Legitimate companies will not ask you for account information via text message.”

“If you think the message might be authentic, contact the company using a phone number or website you know is authentic. Not the information in the text message.”