Another week, another Apple phishing scam. This time, the lure comes via text message, and while the message is hardly convincing, the website that it leads to, which tries to trick users into coughing up their credentials, looks just like the real thing.
Luckily, if you've ever avoided an iOS scam (and if you've owned an Apple mobile product for more than a few days, you probably have), you'll steer clear of this one before you ever see the convincing fake page.
The McAfee Labs Blog (opens in new tab), run by Intel's security division, detailed the scam, although there’s no special or unorthodox trick to it. Using a technique known as "smishing" (SMS or text-message phishing), an unidentified group of scammers has started bombarding iOS users with text messages bearing shady links.
Each text message contains a "FRM," "SUBJ" and "MSG" field, which might seem reasonable in an email, but totally out of place in a text message. If a user clicks the embedded link, a website displays a shoddily written, bogus warning that claims to be from the Apple store. Complete with errant capitalization and poor grammar, the message warns users that they must click a link to verify their Apple IDs, or else they will lose access to their accounts forever.
The scam's sole clever feature comes next, as clicking the link will take users to a very convincing copy of an Apple verification page, complete with Apple's gray color scheme, white logo and links in case users have forgotten their usernames or passwords.
On the bright side, not many users seem to be falling for the scam. Only about 8,000 users have clicked on the links, which, in the grand scheme of things, is not a whole lot. McAfee found no evidence that any of those users had actually given their information, although the law of averages suggests some of them probably did.
Avoiding these scams is not hard. Just disregard suspicious messages claiming to be from major companies, and if you're really concerned about the status of your account, check it yourself through the real site's login page. Consider also activating Apple's two-step verification option, so that even if you get phished, a scammer can't access your account.