Scammers target iPhone users to steal Apple ID Posted by Damien Biddulph on Mon 21st Aug 2017
Users are told that their non-existent 'iPhoneID' is expiring soon
Scam disguises SMS message as an iMessage
A new scam is running around the iPhone market, trying to take advantage of the less tech-savvy users out there. Of course, if you're on V3 then that's probably not you - but you should still read this and be aware of the fraud. If nothing else, warn your friends!
In the middle of the week, a Reddit user named Gh0sta made a thread about the attack on the iPhone sub-reddit. It appears that SMS messages are being sent to iPhone users, warning them that their ‘iPhoneID' is about to expire. Of course, there is no such thing as an iPhoneID.
Those users who are fooled click a link in the text message, taking them to a webpage where they are asked to enter their credentials. Seeing as the iPhoneID isn't actually A Thing, users instead enter their Apple ID.
Once they have the Apple ID details, the scammers can use them for a variety of nefarious purposes, including making false charges to the account, stealing personal data, or just locking the account and demanding money to open it again.
The (somewhat) clever part of the scam is that the message sender uses SMS spoofingto name themselves ‘iMessage' - even though the message itself is an SMS. Because incoming texts and iMessages both appear in grey, some users could be fooled.
Apple products, especially iPhones, have become a prime target for cyber criminals in the last decade. There are two main reasons behind this: first, the owners tend to be affluent (there are very few budget iPhones out there, unlike other mobile OSes); and second, many users don't have the technical know-how to avoid scams like this. iOS is still perceived as ‘simpler' than its competitors, attracting these users.