Apple has issued a warning to anyone with an iPhone as a surge of scams continues to target unsuspecting users. The tech giant is urging caution over social engineering scams and has provided a series of steps to follow to avoid them.
Social engineering is a manipulative tactic employed by fraudsters to trick individuals into giving sensitive information or money. According to Apple, these scams frequently involve criminals impersonating reputable companies or organisations. They use convincing – and increasingly sophisticated – tactics to steal personal details like passwords, codes and financial information.
The company cautions that phishing remains one of the most prevalent social engineering techniques, typically perpetrated through fraudulent emails. However, they warn that scammers will exploit any available channel to trick users into giving up confidential information or making payments, reports the Mirror.
This includes:
1. Fraudulent emails and other messages that appear to be from legitimate companies, including Apple.
2. Misleading pop-ups and adverts claiming your device has a security issue.
3. Scam phone calls or voicemails claiming to be from Apple Support, Apple partners, and other well-known or trusted entities or individuals.
4. Fake promotions that offer free products and prizes.
5. Unwanted Calendar invitations and subscriptions.
It recommends that if you get an unexpected message, phone call or request for personal details such as your email address, telephone number, password, security code or cash, it’s wise to treat it as a scam. When uncertain, get in touch with the organisation directly via their official support channels.
Look out for these warning signs to help spot if you’re being targeted in a social engineering scam:
A fraudster might ring you from what looks like a genuine phone number for Apple or another reputable firm. This technique is known as “spoofing.”
If the call feels dodgy, think about ending it and ringing the verified number for the company yourself.
Scammers frequently mention personal details about you to try to gain your confidence and appear credible. They might reference information you regard as private, such as your home address, workplace, or even your National Insurance number.
They will often convey a desire to help you resolve an immediate problem. For example, they may claim that someone broke into your iPhone or iCloud account, or made unauthorised charges using Apple Pay. The scammer will claim they want to help you stop the attacker or reverse the charges.
The scammer will insist they want to assist you in stopping the attacker or reversing the charges. Scammers often create a sense of urgency to prevent you from thinking clearly or contacting Apple directly. For instance, they may falsely claim that fraudulent activities will continue and that you’ll be held responsible if you don’t act immediately – a tactic designed to prevent you from ending the call.
Eventually, these fraudsters will ask for your account details or security codes. They typically direct you to a counterfeit website resembling an authentic Apple sign-in page and insist on identity verification.
However, Apple will never request you to log into any site, tap ‘Accept’ in the two-factor authentication dialogue, provide your password, device passcode, or two-factor authentication code, or enter it into any website.
In some cases, scammers may ask you to disable security features like two-factor authentication or Stolen Device Protection. They might argue that this is necessary to stop an attack or regain control of your account.
In reality, they’re attempting to deceive you into lowering your security so they can launch their own attack. Apple will never ask you to disable any security feature on your device or account.
How to spot fraudulent emails and messages
The sender’s email or phone number doesn’t match the company name they claim to represent.
The email or phone number used to contact you differs from the one you provided to that company.
A link in a message appears legitimate, but the URL doesn’t correspond to the company’s website.
The message significantly deviates from other messages you’ve previously received from the company.
The message requests personal details, such as a credit card number or account password.
The message is unsolicited and contains an attachment.
They strongly advise people never to share personal information like passwords or security codes. They also ask people to avoid entering these details on a website someone else directs them to. Additionally, they recommend enabling two-factor authentication.
As part of their security guidance, the tech company also warns against using Apple Gift Cards to make payments to others and cautions users not to respond to suspicious calls or messages claiming to be from Apple. They stress that if you need to contact Apple, you should do so directly through their official support channels or in store.