Over the past several years, smartphones have caused people to let their guard down — so of course scammers are taking advantage of the fact that many people will open just about any text or email they receive on their phone.
In fact, criminals are still finding effective ways to target consumers using many of the same old tactics that have been around for a whole lot longer than smartphones.
And with so many Americans worried about the threat of identity theft after the massive Equifax data breach, crooks are taking advantage of those fears with a new scam targeting Apple users.
Criminals using identity theft fears to target Apple users
There are several attacks making the rounds that are specifically targeting people with iPhones, iPads and Mac computers.
The scam works a couple of different ways:
- Someone calls you pretending to be from Apple claiming that there has been a breach in the system — and they need your personal information to verify your account.
- Scammers send you an email or text that appears to be from Apple — saying that you’ve been the victim of a breach and you need to reset your Apple ID account by clicking on the link provided in the message.
If you click on the link, it immediately gives the scammers access to your Apple account, including any stored personal information and payment information.
If you get the scam phone call, the caller claims to be from Apple’s support team and tries to trick unsuspecting victims into handing over access to their computer or account over the phone.
While some scams may have one very clear goal or mission, whether it’s to get a certain piece of information or convince the victim to take some sort of action like wiring money, it’s unclear what exactly the crooks are after in this case.
Nevertheless, there are always a few things you can assume scammers are after and some common tactics to always look out for.
Variations of the scam and how it works
Very often with scams like this one, in which criminals claim one of your accounts has been compromised, the crooks may tell you that you need to give them remote access to your computer so they can restore your account. Once you do that, they can gain access to any and all information stored on the device, including sensitive documents, account logins, banking information, etc.
And we’ve seen this type of scam involving fake customer support or fake account problems carried out in several different ways — including phone calls, fake emails and text messages, as well as fake pop-up alerts and notifications.
However the scam is delivered, the goal is to trick unsuspecting victims into believing that they’ve been hacked, their information has been stolen or their personal data is at risk. The scammers then try to convince you that the only way to solve the issue is by handing over personal info, typically by clicking a link in an email or text, or even over the phone.
Beware of other iMessage and Apple ID hacks
This new scam comes not long after another recent attack on Apple users, which involved “hack attacks” tied to their iMessage and Apple ID accounts — and the scam appears on both computers and smartphones.
Users reportedly received messages, written in foreign languages, to their iMessage account from a foreign phone number. Then they would receive a notification from Apple that their Apple ID was being used on another device.
The notification only provided one option — to click “OK.” Then after clicking that button, the user’s iMessage account would be flooded with messages from a foreign number, with text written in Chinese.
Apple said it’s probably hackers trying to steal personal information and that the hack is fairly new, but the company’s developers are working on a solution. Apple did not know whether users’ personal information had been exposed.
If you think your Apple ID may have been compromised, Apple has a resource page with more information.
How to protect yourself from similar scams
The problem is only getting worse. In fact, the IRS found that tax-related phishing scams were up 400% last year — and that data only includes scams related to tax season.
The reality is, there are new threats to your privacy and security every day — so it’s crucial to make sure you take the right steps to protect your personal information.
Bottom line: Even if a message appears to be from a trusted source, don’t trust it!
Here’s a general rule of thumb for avoiding these types of scams: Do not click on any link in any email or text message that you were not expecting. If you think there’s a legitimate message or notification intended for you, go directly to the official website of whatever business it is and check for any notifications there.
If you receive a message from an unknown number, delete it! Don’t open it, don’t click anything — just delete it. It’s better to be safe than sorry.
If a company needs you to update your profile, you should be able to find that information by logging in to your account separately through the official site — or by calling the company directly.
Here are some additional tips to help you protect yourself from text message scams:
- Just hit delete! Ignore instructions to confirm your phone number or visit a link. Some scam texts instruct you to text ‘STOP’ or ‘NO’ to prevent future texts. But this is a common ploy by scammers to confirm they have a real, active phone number.
- Read your phone bill: Check your phone bill for services you haven’t ordered. Some charges may appear only once, but others might be monthly ‘subscriptions.’
- Check accounts frequently: You should check any account that contains your personal information on a consistent basis. That way you can spot any potential fraud before it causes serious damage.
- Know your rights: Real commercial text messages must provide a free, easy way for you to opt out of future communication. Learn more here.
- Know how to combat spam texts: In Canada, an anti-spam law covers text messages. Learn more about reporting and fighting spam here. In the U.S., forward the texts to 7726 (SPAM on most keypads), but don’t click any links. This will alert your cell phone carrier to block future texts from those numbers.
- Watch out for look-alike URLs: Just because a URL has the name of a real company in it, doesn’t mean it’s legitimate. Anyone can register a sub-domain (realcompany.website.com) or similar URL (realcompany1234.com).
- Ask your phone carrier about blocking third-party charges: Mobile phone carriers permit outside businesses to place charges on your phone bill, but many carriers also allow you to block these charges for free.
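The look-alike URL tip above can be checked mechanically. The following Python is an added example, not part of the original article: it compares a link's hostname with the company's real domain and reports which of the two look-alike patterns it matches. The function names (host_of, classify_link) are hypothetical, and the sample links are constructed from the article's placeholder names.

```python
from urllib.parse import urlsplit

def host_of(link: str) -> str:
    """Return the lowercased hostname of a link, tolerating a missing scheme."""
    if "://" not in link:
        link = "http://" + link
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:          # malformed link: treat as having no host
        host = ""
    return host.rstrip(".").lower()

def classify_link(link: str, trusted_domain: str) -> str:
    """Compare a link's host with the company's real domain.

    Assumption: trusted_domain is the bare registered domain
    (e.g. "realcompany.com"), so its first label is the brand name.
    """
    trusted = trusted_domain.rstrip(".").lower()
    brand = trusted.split(".")[0]
    host = host_of(link)

    # Legitimate: the domain itself, or a subdomain of it. The leading dot
    # matters: "notrealcompany.com" ends with "realcompany.com" too.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Brand used as a label under someone else's domain
    # (realcompany.website.com).
    if brand in host.split("."):
        return "brand-as-subdomain"
    # Brand embedded in a different registered name (realcompany1234.com).
    if brand in host:
        return "similar-name"
    return "unrelated"

# Constructed sample links, using the article's placeholder names.
SAMPLES = [
    "https://support.realcompany.com/reset",
    "http://realcompany.website.com/login",
    "realcompany1234.com/verify",
    "https://notrealcompany.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link, 'realcompany.com'):20} {link}")
```

Only the "trusted" result means the link really belongs to the company's domain; both look-alike results show that the company name appearing somewhere in the address proves nothing.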