Attackers send phishing SMS messages on behalf of Apple
Phishing messages that attackers spread using SMS Short Text Service are not new. They find out the phone numbers of their potential victims and use the current topic to send messages on behalf of the selected company.
Recently, we observed mailing on behalf of Apple, whose goal for attackers was to obtain confidential user data, namely, usernames and passwords from Apple ID accounts. The prevalence of devices and services from Apple makes the use of this topic for intruders very relevant.
Sent SMS messages contain a phishing link as shown below.
')
Text in messages notifies the user that his Apple ID has expired or that the account has been temporarily frozen using the security feature of the service. In this case, the user is required to confirm his identity.
Anyway, the scammer’s goal is always the same - to lure the user to a fake Apple ID credential input web page, which will then fall into the hands of intruders. To do this, he needs to follow the link from the text message. In some cases, attackers may also ask the user to enter credit card and other personal information. As can be seen in the screenshot below, the attackers do not always focus on the English-speaking audience.
Despite the fact that the number of users who follow the instructions of the attackers and follow the link is small, the gain for the attackers may be more significant because they can get access to the user's personal data by getting account credentials.
At the same time, cybercriminals are trying to develop new versions of phishing attacks, improving their skills. For example, the following screenshot shows an example of a message in which attackers try to persuade a user to unsubscribe from future messages from Apple.
The following example demonstrates the message of the iMessage messenger, which came to the user from Germany. It is claimed that a lost iPhone was discovered.
Of course, following a link from a message does not lead the user to the legitimate Apple website.
The most correct way to prevent such attacks on users is to inform them. Only informing can really help prevent the compromise of user credentials.
Recently, the famous British television comedian Al Murray, who is well known for his role as “Pub Landlord,” used Twitter to notify his 400,000 followers about a suspicious text message he received. At the same time, he was asked to follow the link and enter his Apple ID credentials in the opened web page.
The following instructions should be used after receiving such phishing emails.
We recommend that Apple service users use two-factor authentication as an additional way to protect their accounts. Thus, even if attackers manage to get a password from an account, they will not be able to use it to steal data.
Recently, we observed mailing on behalf of Apple, whose goal for attackers was to obtain confidential user data, namely, usernames and passwords from Apple ID accounts. The prevalence of devices and services from Apple makes the use of this topic for intruders very relevant.
Sent SMS messages contain a phishing link as shown below.
')
Text in messages notifies the user that his Apple ID has expired or that the account has been temporarily frozen using the security feature of the service. In this case, the user is required to confirm his identity.
Anyway, the scammer’s goal is always the same - to lure the user to a fake Apple ID credential input web page, which will then fall into the hands of intruders. To do this, he needs to follow the link from the text message. In some cases, attackers may also ask the user to enter credit card and other personal information. As can be seen in the screenshot below, the attackers do not always focus on the English-speaking audience.
Despite the fact that the number of users who follow the instructions of the attackers and follow the link is small, the gain for the attackers may be more significant because they can get access to the user's personal data by getting account credentials.
At the same time, cybercriminals are trying to develop new versions of phishing attacks, improving their skills. For example, the following screenshot shows an example of a message in which attackers try to persuade a user to unsubscribe from future messages from Apple.
The following example demonstrates the message of the iMessage messenger, which came to the user from Germany. It is claimed that a lost iPhone was discovered.
Of course, following a link from a message does not lead the user to the legitimate Apple website.
The most correct way to prevent such attacks on users is to inform them. Only informing can really help prevent the compromise of user credentials.
Recently, the famous British television comedian Al Murray, who is well known for his role as “Pub Landlord,” used Twitter to notify his 400,000 followers about a suspicious text message he received. At the same time, he was asked to follow the link and enter his Apple ID credentials in the opened web page.
The following instructions should be used after receiving such phishing emails.
- Report a phishing URL, as well as the content of the message in Google's Safe Browsing Team . If the URL is indeed phishing, Google Chrome and other web browsers will update this information to warn users later.
- If possible, report the number from which the phishing text message came to your mobile operator for its subsequent blocking. Such a measure will help protect against fraud by other users.
- Do not respond to the phishing message and do not follow the link inside it.
We recommend that Apple service users use two-factor authentication as an additional way to protect their accounts. Thus, even if attackers manage to get a password from an account, they will not be able to use it to steal data.
Source: https://habr.com/ru/post/316440/
All Articles