Apple IDs under threat from new phishing attack spread through texts — don’t fall for this

iPhone 15 Pro Max shown in hand
(Image credit: Tom's Guide)

Apple users are going to want to be extra careful when checking their text messages as a new phishing campaign is making the rounds online that can steal your Apple ID and password if you’re not careful.

As reported by Macworld, a new smishing or SMS phishing campaign has been observed in the wild by security researchers at Broadcom. Like with similar campaigns in the past, this one is designed to steal your login credentials which can then be used to take over your Apple account and other accounts on the best iPhones and best MacBooks.

Here’s everything you need to know about this new campaign along with some serious red flags to look out for and how you can keep your Apple ID safe from hackers.

Poorly impersonating Apple

According to a new report from Broadcom, this campaign begins with a fake text message targeting iPhone users.

The message starts with “Apple important request iCloud” and contains the following link: signin[.]authen-connexion[.]info/icloud. Potential victims are also urged to sign into their iCloud account to continue using the service.

More savvy users might notice that something is off immediately as the domain used here (authen-connexion[.]info) isn’t owned by Apple. At the same time, Apple typically doesn’t send messages about iCloud via text message. Instead, if something was off with your cloud storage, the iPhone maker would send you an email.

If you do click on the link though, you’re taken to a malicious site posing as iCloud. There’s another big red flag there though as you need to complete a CAPTCHA before logging in. The company doesn’t use CAPTCHA for verification though. Instead, it uses Touch ID or Face ID. When those aren’t an option though, Apple will ask for a 6-digit, two-factor authentication (2FA) code sent to one of your devices.

As you would expect, entering your Apple ID and password to log in to this fake iCloud site allows the hackers behind this campaign to steal your credentials. From here, they can take over your account and lock you out, look for sensitive data stored in your iCloud and potentially even commit identity theft with enough information.

How to keep your Apple ID safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Phishing attacks come in many forms and while they’ve typically been delivered through email, they can also arrive via text message. This is why you need to be careful when checking your inbox, your messages and your social media profiles as well.

Fortunately though, there are some dead giveaways that a message isn’t legitimate. In this case, right off the bat, the hackers behind this campaign try to instill a sense of urgency by telling you that you need to login immediately or risk losing access to your account. Hackers often try to prey on our emotions but if you keep a level head when checking your inbox or messages, you’ll be less likely to fall for this sort of trick.

While you shouldn’t click on any links or download any attachments in emails or messages from unknown senders, if you do think the one you’re looking at could be legitimate, there’s an easy trick to see if it is or not. 

web URL displayed at angle on screen

(Image credit: Shutterstock)

For this, you want to take a closer look at the links themselves. This can be done by hovering over any linked text or right clicking on a link to copy and paste it somewhere else for further analysis. With a simple web search, you can easily tell what domains a company actually uses and compare those with the ones in an email or message.

Another thing to look out for is misspelled websites as this is a trick hackers use to get you to click on malicious links in the first place. For the most part though, you absolutely want to avoid logging in to your accounts from any link sent to you via text or email. Instead, you should use your browser to navigate to the site or service yourself and then log in that way.

When it comes to keeping your Apple computer safe from viruses, you should consider using the best Mac antivirus software. While your Mac comes with built-in antivirus software in the form of XProtect, paid antivirus software often comes with other useful extras like a VPN or even a password manager.

Phishing attacks are easy to pull off and don’t take that much work to craft and for this reason, hackers will likely continue using them in their attacks. This is why it’s up to you to be extra careful when checking your messages or your inbox.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.