Apple issues new emergency guidelines for iPhone users to follow amid cyberattacks targeting 1.5 billion devices

Apple has issued new guidelines for all iPhone users to protect themselves following a cyberattack that targeted more than a billion devices last week.

The company warned users that hackers are using social engineering tactics such as pretending to be company representatives to access personal details such as login credentials, security codes and financial information.

Users should watch out for phishing emails that trick them into sharing information or handing over money, as well as deceptive pop-up ads, fake promotions, unwanted calendar invites, and fake phone calls.

As a first step, if they haven’t already enabled it, iPhone owners should set up two-factor authentication that requires a password and a six-digit verification code to access their account from an external device.

Apple is asking users to be wary of scam calls that appear to come from a legitimate phone number but are actually from a bad actor trying to steal their information.

They may try to build a rapport to gain your trust and will mention personal information about your account such as your home address, place of work or even social security number.

The scammer will likely pretend that there is a problem with the account and that someone has made unauthorized charges using Apple Pay, and will make it seem urgent so that the user feels pressured to resolve the situation immediately.

“Scam calls will usually work to create a strong sense of urgency to avoid giving you time to think and prevent you from contacting Apple itself, directly,” Apple warned.

‘For example, the scammer may say you are free to call Apple again, but the fraudulent activities will continue and you will be liable. This is fake and designed to prevent you from hanging up.’

Apple noted on its support page that fraudsters may also ask iPhone users to turn off features such as two-factor authentication or Stolen Device Protection.

“They will claim this is necessary to help stop an attack or allow you to regain control of your account,” the tech giant shared.

“However, they are trying to trick you into lowering your security so they can carry out their attack.”

The company said there are ways to identify fraudulent emails and messages so that users avoid being tricked into releasing their personal information.

First, users should look at the sender’s email or phone number to see whether it matches the company name, and whether the email address they used to contact you is different from the one on your account.

Other methods include checking whether the URL link they sent matches Apple’s website, whether the message looks different from others you’ve received from the company, and whether it asks for personal information like an account password or credit card number.

Scammers will likely pretend that there is a problem with the account and that someone has made unauthorized charges using Apple Pay and will make it seem urgent so that the user feels pressured to resolve the situation immediately. This will create a situation that allows the bad actor to gain access to important personal and financial information.

If a user receives a suspicious call, they should immediately hang up and call Apple directly to verify the notification they received, or they can report the scam calls to the US Federal Trade Commission or local law enforcement agencies.

Apple’s warning comes just a week after fraudsters used SMS phishing campaigns that sent iPhone users fake messages telling them to visit a link for an ‘important request’ related to iCloud.

California-based security firm Symantec disclosed the attack this month, warning that the links lead to fake websites urging users to hand over their Apple ID information.

The company issued the warning on July 2, noting that it noticed a malicious SMS circulating that read: ‘Important request from Apple for iCloud: Visit the login[.]auten-link[.]info/icloud to continue using your services.’
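The URL check described above can be automated. The following Python sketch is an added example, not code from Apple or Symantec: it extracts the host a link would actually reach and compares it with a small allowlist. The allowlist contents and every sample link except the one quoted in the SMS are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a minimal allowlist of Apple-owned registrable domains.
APPLE_DOMAINS = {"apple.com", "icloud.com"}

def refang(text):
    """Undo common defanging so the link can be parsed (it is never fetched)."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxps://", "https://").replace("hxxp://", "http://"))

def link_host(url):
    """Return the lowercase hostname the link would actually reach, or ''."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url          # SMS links often omit the scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:                  # malformed netloc
        return ""
    return host.rstrip(".").lower()

def is_apple_link(url):
    """True only if the host is an allowlisted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

# The first link is the one quoted in the SMS; the rest are constructed samples.
SAMPLES = [
    "login[.]auten-link[.]info/icloud",                  # host unrelated to Apple
    "https://apple.com@login.example.net/icloud",        # brand in the userinfo part
    "https://apple.com.account-verify.example/signin",   # brand as a subdomain label
    "https://notapple.com/",                             # suffix match without a dot
    "https://support.apple.com/",                        # genuine Apple host
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "matches Apple" if is_apple_link(link) else "NOT Apple"
        print(f"{verdict:14} host={link_host(link)!r:40} {link}")
```

A matching host only shows where the link points; it does not make an unsolicited request for a password or verification code legitimate.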

Symantec reported that the hackers added a CAPTCHA to the fake website to make it appear legitimate, and once completed, it would take users to an outdated iCloud login template.

“Phishing actors continue to target Apple IDs due to their widespread use, which provides access to a large pool of potential victims,” Symantec said in an alert last week.

“These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases.”

Apple clarified that its support representatives would never send users to a website link to sign in or ask them to provide their device password or two-factor authentication code.

“If someone claiming to be from Apple asks you for any of the above, they are a scammer engaging in a social engineering attack. Hang up or otherwise stop contacting them,” Apple said.
