SMiShing is the text version of email phishing.
Research recently carries out by McAfee Labs has identified an active SMiShing campaign targeting iPhone users.
It goes like this:
- You receive a text message telling you your account has been temporality locked and a ‘helpful’ link to click on to unlock your account
- Of course, clicking the link takes you to a site full of warnings about the impending closure of your Apple account
- Another link then takes you to a counterfeit Apple ID login
- The information you enter here (i.e. your Apple ID and password) is collected by the cybercriminals and used to gain access to your Apple account
You’ve got used to being on your guard against bogus emails, now you have to apply the same thinking to text messages.
As a general rule, if it sounds dodgy it probably is. If unsure, open a your browser and make your own way to the Apple account login page and see if you have any messages there.
A guide to spotting SMiShing
It’s highly unlikely this Apple scam will be the only SMiShing attack out there, so here are a couple of things to remember.
1: How they contact you
Since you bought your iPhone you’ve probably had to re-enter your iCloud or Apple ID password for various reasons. When needed, you’ve never been asked to by text message. Pop-up is the standard method Apple use, so be suspicious of any text message that asks for your Apple credentials.
2: What they look like
These forms of attack are sent out in huge quantities so, to save time, the cybercriminals use code from a previous attack. When this happens you see things like standard email fields of “from,” “subject” and “message,” giving a clear indication that you should be suspicious – after all, when was the last time you received an text message with a subject line?
The best advice we can offer (as always) is be on your guard and if something looks odd it probably is.