Apple Gives Tips on Avoiding Phishing Scams Amid Warnings of New SMS Threat

Apple this month refreshed the security support document that provides iPhone, iPad, and Mac users with tips on how to recognize and avoid social engineering schemes like phishing messages and fake support calls.

iPhone 12 Security Feature
The updated information follows recent reports of "smishing" attacks targeting Apple IDs. Malicious actors have been sending out SMS text messages that attempt to get users to provide their Apple ID usernames and passwords on a fake iCloud website.

Apple's guidelines provide key information that all users should be aware of to protect themselves, such as a recommendation to ignore messages with suspicious links. Apple says that it will not ask for ‌Apple ID‌ passwords or verification codes, and users should contact Apple directly rather than answering a suspicious phone call or message claiming to be from Apple.

Further, Apple will not ask users to log into any website, to tap Accept in the two-factor authentication dialog, or to enter a two-factor code into a website. Apple will also not request that users disable features like two-factor authentication, Find My, or Stolen Device Protection. Apple's security tips:

  • Never share personal data or security information like passwords or security codes, and never agree to enter them into a webpage that someone directs you to.
  • Protect your ‌Apple ID‌. Use two-factor authentication, always keep your contact information secure and up to date, and never share your ‌Apple ID‌ password or verification codes with anyone. Apple never asks for this information to provide support.
  • Never use Apple Gift Cards to make payments to other people.
  • Learn how to identify legitimate Apple emails about your App Store or iTunes Store purchases.
  • Learn how to keep your Apple devices and data secure.
  • Download software only from sources you can trust.
  • Don't follow links or open or save attachments in suspicious or unsolicited messages.
  • Don't answer suspicious phone calls or messages claiming to be from Apple. Instead, contact Apple directly through official support channels.

Scammers will go to great lengths to get personal information, so Apple recommends watching out for tricks like creating a sense of urgency through scare tactics like stolen personal information or unauthorized charges. Scammers are after login information and security codes, so that information should not be entered on a website accessed through a link in a text or an email.

Apple also warns against downloading unrecognized, unsafe software and configuration profiles and following instructions on pop-ups. Users who receive a pop-up should ignore the message and close the entire window or tab.

Apple has further instructions on how to spot social engineering schemes, the forms those schemes can take, and how to report suspicious emails, messages, and phone calls. There is a separate support document on what to expect from Apple Support and the kinds of information Apple will not request.

Popular Stories

iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro With All-New Camera Bar Design Allegedly Revealed

Thursday February 13, 2025 5:49 pm PST by
Apple's next-generation iPhone 17 Pro will feature three rear cameras arranged in a familiar triangular layout, but the cameras will be housed in an all-new rectangular camera bar with rounded corners, according to YouTube channel Front Page Tech. iPhone 17 Pro camera design render created by Asher for Front Page Tech In a video uploaded today, Front Page Tech host Jon Prosser said the camera ...
iphone air concept weis

iPhone 17 Air Could Look Like This in Real Life

Friday February 14, 2025 3:41 am PST by
There have been several alleged leaked details of the iPhone 17 Air, Apple's rumored new slim iPhone, but images have been limited to grainy shots taken in component factories. However, this hyper-realistic concept created by WEIS Studio gives us the best idea yet of what Apple's thin device might actually look like. The concept design is inspired by recent leaks indicating that the device...
m2 pro mac mini

Apple is Now Selling a Refurbished Mac Mini for Just $319 (!)

Saturday February 15, 2025 9:58 am PST by
A few days ago, we reported that Apple's refurbished Mac mini pricing had a problem, and it appears that Apple has taken note. Apple was offering a refurbished Mac mini with the M2 chip, 16GB of RAM, and 256GB of storage for $559, which was $50 more than a refurbished Mac mini with the M4 chip, 16GB of RAM, and 256GB of storage. All other key specifications were equal. That's no longer...
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
M4 Mac mini Apple Video

Apple's Refurbished Mac Mini Pricing Has a Problem

Thursday February 13, 2025 6:20 am PST by
Apple this week began selling refurbished Mac mini models with the M4 chip for the first time, but this has led to a pricing conundrum. In the United States, Apple is offering a refurbished Mac mini with the base M4 chip, 256GB of storage, 16GB of RAM, and Gigabit Ethernet for $509, down from $599 new. This is the standard 15% discount that Apple offers on refurbished Macs. The issue is...
iPhone SE 4 Thumb 1

Apple's Next iPhone SE Launching on Wednesday - Here's What We Know

Friday February 14, 2025 4:04 pm PST by
Apple CEO Tim Cook teased an Apple announcement that's coming on Wednesday, February 19, and it's looking like that mystery announcement will be the next-generation iPhone SE. We've been hearing about the iPhone SE 4 for quite some time now, and we essentially know everything to expect. If you want a sneak peek at what's coming, read on. Naming Apple first introduced the iPhone SE in...

Top Rated Comments

Unity451 Avatar
8 months ago
"Smishing" is about the most un-menacing word I can think of. Beware of the Smishers! (by Dr. Seuss)
Score: 6 Votes (Like | Disagree)
JapanApple Avatar
8 months ago
“Download software only from sources you can trust”
these are words to live by
Score: 4 Votes (Like | Disagree)
kerr Avatar
8 months ago
Would be good if Apple could do their part.

iCloud, Apple TV+, software/rental purchases: email from no_reply@email.apple.com with Apple logo and blue verified checkmark. Great!

Hardware purchase: dodgy looking email from au_cons_do_not_reply@asia.apple.com, no evidence to suggest it's legitimate even though it is. Gmail understandably sends such emails to spam folder.
Score: 3 Votes (Like | Disagree)
Realityck Avatar
8 months ago
Took a week for this news to show up on most press/news services

original source July 2nd. (link was in the OP)
https://www.broadcom.com/support/security-center/protection-bulletin/apple-ids-targeted-in-us-smishing-campaign

Copy Link
Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple's strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cybercriminals.
These campaigns are mostly conducted via email although increasingly also through malicious SMS. A very recent case saw a threat actor distributing malicious SMS messages in the United States.
Observed malicious SMS:


* Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.

Typically, smishing actors restrict access to their malicious websites to users on mobile browsers and specific regions to evade detection by monitoring systems. However, in this instance, the malicious website is accessible from both desktop and mobile browsers. To add a layer of perceived legitimacy, they have implemented a CAPTCHA that users must complete. After this, users are directed to a webpage that mimics an outdated iCloud login template.
Score: 3 Votes (Like | Disagree)
now i see it Avatar
8 months ago
The scams always follow the same game plan. They’re easy to spot.

Always starts out with some sort of threat to create fear and anxiety.
In the past there were some that claimed you had come into tins of money.
Then -always- there’s a link that they provide to “fix” the problem or just a phone number.

Is it a Scam?
Threat or ridiculous + link = yes.
Easy.
Score: 3 Votes (Like | Disagree)
DavidMalcolm Avatar
8 months ago
Honestly, the lack of work done by large companies to cut down on scammers is a huge problem. The number of times I’ve talked to people who end up on a confusing scam website because they clicked on a Google ad for a major company that Google SHOULD have known wasn’t from that company and automatically blocked is staggering. Facebook is equally as guilty.

The fact that there haven’t been mandatory six month payout waits for in app purchases of gift card codes is nuts. The idea that Apple and Google are not required to refund people who buy these gift cards and give them to scammers is nuts to me.

Like how long has this been going on? There are easy steps that could have been put in place years ago that would have stopped these scammers from making tons of money to reinvest into their operations.

Even just a warning label in the back of all gift cards “these are gift cards, if someone over the phone asked you to purchase this and you did not buy this to use yourself or give to a friend and or family member, please return to a store for a refund with your receipt.”

The fact that phone companies aren’t legally required to provide any information about where a call is originating or how long that number has been assigned to that device is nuts. There’s so much that could be done automatically to prevent these scams, but it isn’t in the interest of stockholder value it’s in the interest of the good of society so nothing is done.
Score: 2 Votes (Like | Disagree)