Scammers these days often go to very elaborate lengths to convince gullible users to hand over their Apple IDs and passwords. One of the latest scams has users getting fake text messages that tell them to log into a scam site to stop their iCloud account from being deactivated.
The Mac Kung Fu blog has more details:
An extremely convincing iCloud phishing scam site has surfaced. The site uses the URL http://signinicloud.com (DON’T visit it!) and looks and feels just like Apple’s existing https://appleid.apple.com website.
Victims are invited to visit the site via a fake SMS/iMessage received in their iPhone, such as that shown above, and subsequently invited to input a range of personal details – including credit card number.
Inputting any username and password to login to the phishing site – even something like firstname.lastname@example.org and password – returns a message that the account is locked. The user is then invited to input everything from credit card number, to home address, and security questions such as mother’s maiden name and driver’s license.
The original report about this came from a thread in the Apple subreddit, and redditors there shared their thoughts about this latest attempt to scam them:
TangoHotel: “Just out of curiosity, I went to their website. I signed in with a fake account and password and was shown a prompt saying “your account has been locked for security purposes” then asked to verify my account by filling out everything from name and address all the way to credit/debit card information (I used a credit card number generator).
It even asked to set a “security question” that had “mother’s maiden name” “passport number” “driver’s license number” as options. After filling everything out, it “processed” then said that I’d be signed out and have to log back in. Then it sent me to the legit Apple iCloud login (green characters in the address bar).”
HeadHunta: “Damn man, that’s pretty elaborate stuff. It’s easy to see how someone could fall for that and think all is well when they’re redirected to the legit apple page and log in like everything is fine.”
Idudd: “They can get far more elaborate. Back in the day before 2fa, there were phishing scams going about for PayPal/eBay. The page was scripted with php and curl, so that when you enter an email and password, It would attempt to login to the real site, it would display a usual bad username or pass msg if the details were bad.
However if the details were correct, it would then retrieve all the available information, e.g. Name, address, last digits card number, card type etc… And it would then display a page asking to verify your account information, with a semi pre-filled page with your information. I must admit I’m surprised to see that the phishers are now using SMS instead of emails, but I guess it means they don’t need to worry about spam filters as much.”
McDevalds: “And after surging around your account info on the legit apple website, you wouldn’t even think twice about all the questions “Apple” asked earlier, and might even forget. Sometime in the near future, a month, or next year, poof, credit cards maxed, locked out of iCloud, etc…and you’d not likely remember this little website from months ago.”
Wise_joe: “I always assumed that the people who fell for phishing attacks were complete tech illiterates, but I’ll confess that had I clicked a link believing that it was to an Apple site, and that screen showed up, I’d have believed it.”
Always go directly to Apple’s sites for help with products and services
If you are ever in doubt about the status of your Apple ID, iCloud account, etc. make sure that you go directly to Apple’s sites. Never click links you get in SMS, Messages or in email because you just never know where they will take you.
Apple’s support page is a great place to start if you are having problems or if you think something is wrong with an Apple product or service. You can contact Apple directly to obtain assistance, without worrying about being victimized by a scammer.
The Apple support page includes help for all of Apple’s products including the iPhone, Apple Pay, iCloud, OS X and everything else. So it might be a good idea to add it to your bookmark list for future reference if you are ever in doubt or need assistance.
Did you miss a post? Check the Eye On Apple home page to get caught up with the latest news, discussions and rumors about Apple.
This article is published as part of the IDG Contributor Network. Want to Join?