Urgent warning to all iPhone users after new cyber attack targets 1.4 billion Apple devices – here’s how to protect yourself

An urgent warning has been issued to all 1.46 billion iPhone users after tech experts discovered a new cyber attack targeting Apple IDs.

Bad actors are using SMS phishing campaigns that send messages claiming to be from Apple, prompting users to visit a link for an ‘important request’ related to iCloud.

California-based security firm Symantec disclosed the attack this month, warning that the links lead to fake websites urging users to hand over their Apple ID information.

Apple has set guidelines for such an attack, requiring iPhone owners to use two-factor authentication that requires a password and six-digit verification code to access their account from an external device.

Bad actors are using SMS phishing campaigns that send messages claiming to be from Apple, prompting users to visit a link for an ‘important request’ related to iCloud

“These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases,” Symantec shared on its website.

“Furthermore, Apple’s strong brand reputation makes users more susceptible to believing fraudulent communications that appear to be from Apple, further increasing the attractiveness of these targets to cybercriminals.”

The company issued the warning on July 2, noting that it noticed a malicious SMS circulating that read: ‘Important request from Apple for iCloud: Visit the login[.]auten-link[.]info/icloud to continue using your services.’

Symantec found that hackers added a CAPTCHA to the fake website to make it appear legitimate.

Once completed, it takes users to an outdated iCloud login template.

Apple noted on its support page that fraudsters may also ask iPhone users to turn off features such as two-factor authentication or Stolen Device Protection.

“They will claim this is necessary to help stop an attack or allow you to regain control of your account,” the tech giant shared.

Symantec found that hackers added a CAPTCHA to the fake website to make it look legitimate, and once it’s done, it takes users to an outdated iCloud login template

“However, they are trying to trick you into lowering your security so they can carry out their attack.

“Apple will never ask you to turn off any security features on your device or in your account.”

There are ways to identify fraud – and a dead giveaway is the in-text link.

While the message may look credible, the URL will not match Apple’s website.

The tech giant also said hackers typically send texts that look significantly different from the company’s standards.

Scams are also not limited to impersonating Apple as many users have reported text messages claiming to be from Netflix, Amazon and other popular companies.

These fake messages claimed that users’ accounts had been frozen or their credit cards had expired, prompting them to click a link asking for personal or bank account information.

“If you receive a text message that you did not expect and asks you to provide some personal or financial information, do not click on any link,” the Federal Trade Commission has warned.

“Legitimate companies won’t ask for your account information via text.”

“If you think the message might be real, contact the company using a phone number or website you know is real. Not the information in the text message.’