For whatever reason, smartphones have caused people to let their guard down — and scammers are taking advantage of the fact that many people will open just any text or email they receive on their phone.
But as these scams continue to evolve, criminals are still finding effective ways to target consumers using many of the same old tactics that have been around for a whole lot longer than smartphones.
After several attacks have targeted Apple users via text message, scammers are now going after them in a different way.
Beware of new phone scam targeting Apple iCloud users
According to a recent report, criminals are calling Apple iCloud users and claiming that their account has been hacked.
The caller claims to be from Apple’s support team in an effort to trick unsuspecting victims into handing over access to their computer or account, according to Daily Beast senior editor Michael Weiss, who received one of these calls himself recently.
While some scams may have one very clear goal or mission, whether it’s to get a certain piece of information or convince the victim to take some sort of action like wiring money, it’s unclear what exactly the crooks are after in this case.
Nevertheless, there are always a few things you can assume scammers are after and some common tactics to always look out for.
Variations of the scam and how it works
Very often what happens with scams like this one — when criminals claim one of your accounts has been compromised — the crooks may tell you that you need to give them remote access to your computer so they can restore your account. Then once you do that, they can gain access to any and all information stored inside the device, including sensitive documents, account logins, banking information etc.
And we’ve seen this type of scam involving fake customer support or fake account problems carried out in several different ways— including phone calls, fake emails and text messages, as well as fake pop-up alerts and notifications.
However the scam is delivered, the goal is to trick unsuspecting victims into believing that they’ve been hacked, their information has been stolen or their personal data is at risk. The scammers then try to convince you that the only way to solve the issue is by handing over personal info, like an account password, Social Social number or remote access to your device.
Beware of iMessage and Apple ID hacks
This new scam comes not long after another recent attack on Apple users.
According to a report by Mashable, users have been reporting ‘hack attacks’ tied to their iMessage and Apple ID accounts — and it’s happening on both computers and smartphones.
One of Mashable’s own employees first spotted the scam when she received a message, written in Chinese, to her computer’s iMessage account from a foreign phone number. She then got a notification from Apple that her Apple ID was being used on another device.
The notification only provided one option — to click ‘OK.’ And after clicking that button, the Mashable employee says her iMessage account immediately received message after message from a foreign number, again with text written in Chinese.
She changed her Apple ID password and security questions, and then contacted Apple Support. Apple said it’s probably hackers trying to steal personal information and that the hack is fairly new, but the company’s developers are working on a solution. Apple did not know whether the user’s personal information had been exposed.
If you think your Apple ID may have been compromised, Apple has a resource page with more information.
Read more: 5 ways to make your iPhone more secure
How to protect yourself from similar scams
The problem is only getting worse. In fact, the IRS found that tax-related phishing scams were up 400% last year — and that data only includes scams related to tax season.
The reality is, there are new threats to your privacy and security every day — so it’s crucial to make sure you take the right steps to protect your personal information.
Bottom line: Even if a message appears to be from a trusted source, don’t trust it!
Here’s a general rule of thumb for avoiding these types of scams: Do not click on any link in any email or text message that you were not expecting. If there’s a question and you think there’s a legitimate message or notification intended for you, go directly to the official website of whatever business it is and check for any notifications there.
If you receive a message from an unknown number, delete it! Don’t open it, don’t click anything — just delete it. It’s better to be safe than sorry.
If a company needs you to update your profile, you should be able to find that information by logging in to your account separately through the official site — or by calling the company directly.
Here are some additional tips to help you protect yourself from text message scams:
- Just hit delete! Ignore instructions to confirm your phone number or visit a link. Some scam texts instruct you to text ‘STOP’ or ‘NO’ to prevent future texts. But this is a common ploy by scammers to confirm they have a real, active phone number.
- Read your phone bill: Check your phone bill for services you haven’t ordered. Some charges may appear only once, but others might be monthly ‘subscriptions.’
- Check accounts frequently: You should check any account that contains your personal information on a consistent basis. That way you can spot any potential fraud before it causes serious damage.
- Know your rights: Real commercial text messages must provide a free, easy way for you to opt out of future communication. Learn more here.
- Know how to combat spam texts:In Canada, an anti-spam law covers text messages. Learn more about reporting and fighting spam here. In the U.S., forward the texts to 7726 (SPAM on most keypads), but don’t click any links. This will alert your cell phone carrier to block future texts from those numbers.
- Watch out for look-alike URLs: Just because a URL has the name of a real company in it, doesn’t mean it’s legitimate. Anyone can register a sub-domain (realcompany.website.com) or similar URL (realcompany1234.com).
- Ask your phone carrier about blocking third-party charges: Mobile phone carriers permit outside businesses to place charges on your phone bill, but many carriers also allow you to block these charges for free.
More resources to protect yourself:
- Why you need two-factor authentication and how to set it up
- Our full list of recommended password manager sites and tools