Beeware this Apple ID hacking scam.
Apple has long since had an air of invulnerability about it as far as users have been concerned; be they iPhone, iPad or Mac fans, the ecosystem has been thought of as pretty darn secure. Like most security assumptions, however, it is wrong. After all, to assume is to make an ass out of u and me. With iPhone dating apps found to be leaking sensitive images, iOS hackers getting root of smartphones, and the FBI warning iPhone users to hang up and use a secret code, the secure bubble has well and truly been burst. There has been some solace in the idea that at least it’s not as bad as it is for Windows users, but new analysis has revealed that hackers are jumping ship from Windows, and your Apple ID is firmly in the crosshairs.
Your Apple ID Is Valuable And Hackers Will Stop At Nothing To Get It
There are in excess of 2 billion active users of iPhones, iPads and MacBooks, so it’s hardly surprising that an Apple ID is seen as such a valuable commodity among the criminal hacking community. It is, after all, the gateway to your account, your devices and your data. Compared to Windows users there is also the notion that Apple fans tend to be more affluent, and that could mean richer pickings once an account is compromised.
Security researchers at LayerX have confirmed this to be the case after they uncovered an account-compromising attack campaign that was initially targeting purely Windows users but has now turned its attention to Apple instead. “With new security features rolled out by Microsoft, Chrome, and Firefox, the attackers have shifted their focus to Mac users,” the researchers said. While the platform has changed, the methodology has not: scareware security alerts designed to bait the user into entering their account passwords.
Although this sounds like a simple phishing attack at first, the truth is that simplicity works. By employing cloned sites to distribute fake Apple security notices, informing users their Apple ID has been suspended and requiring immediate action to regain control, the end result is a compelling and successful hacking campaign.
“If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money,” Apple said, “it’s safer to presume that it’s a scam.”
Remember that Apple will never ask you to log into a website, click a button saying accept in a 2FA dialog or provide your Apple ID password in this way. If in any doubt at all, always go to the settings for your Apple ID on your device and check from there.
