Apple has issued new guidelines for all iPhone users after a cyber attack targeted more than a billion devices last week.
Apple has warned users that hackers are using social engineering techniques, such as pretending to be company representatives, to access personal details, such as login credentials, security codes and financial information.
The company urges caution against receiving spoofed calls under the guise of a "legitimate phone number," but which in fact hide a breach that attempts to steal personal information.
Hackers may try to build a relationship to gain your trust by providing personal information about your account, such as your home address, place of work, or even your Social Security number.
The scammer may claim that there is a problem with the account, that someone made unauthorized transactions using Apple Pay, and will make it seem urgent so that the user feels pressured to resolve the situation immediately.
Apple warns that scam calls will typically create a strong sense of urgency, to avoid giving you time to think, and prevent you from contacting Apple yourself.
Apple also notes (on its support page) that scammers may also ask iPhone users to disable features such as two-factor authentication or stolen device protection.
“They will claim this is necessary to help stop the attack or allow you to regain control of your account. However, they are trying to trick you into lowering your security level so they can carry out their own attack,” the tech giant said.
The company said there are ways to identify fraudulent emails and messages to avoid being scammed: look at the sender's email or phone number to see if it matches the company name, check to see if the URL sent by the scammer matches the Apple website, see if the message looks different from other messages you've received from the company, and see if it asks for personal information such as your account password or credit card number.
If a user receives a suspicious call, they should end the call immediately and contact Apple directly to verify the notification they received.
Apple's warning comes just a week after hackers used SMS phishing campaigns that sent fake messages to iPhone users asking them to open an "important request" link about iCloud.
California-based security firm Symantec discovered the attack this month, warning that the links lead to fake websites urging users to hand over their Apple ID information.
Apple has made it clear that its support representatives will not ask users to provide their device password or two-factor authentication code.
Good to know
ReplyDelete