Another day, another phishing website, as scammers go after iPhone owners with a fake Apple login. Here’s how not to get fooled.
Scammers will do anything to steal your data, because it is ultimately worth something to them. Your life and your data are worth real money, and they’ll do whatever they can to convince you that a scam is legitimate, even when it’s not.
It isn’t just fake NBN calls, fake Amazon calls, fake PayPal invoices, and fake ATO and MyGov notifications, but also fake logins to real services you use elsewhere. Australians are likely seeing fake everything, as the same tactics are used again and again.
One recent example appears to be fake Apple logins, which clearly focus on the iPhone-owning crowd.
Much like the fake Linkt SMS making their way around, the approach is the same: an SMS with a dodgy URL linking to an equally dodgy website. If you find your way into the rabbit hole, you can expect a hastily prepared page that is designed to look legit but is only there to steal your credentials. So what do you look out for?
Dodgy details
SMS scams tend to have telltale signs, and the Apple ID phishing scams we’ve seen of late definitely fall into that category.
Not everyone checks or even knows what to look out for, and those are precisely the sort of people scammers are hoping will fall into their trap of entering details on a fake and altogether dodgy website.
In this scam, the link goes to a fake website designed to take your details from you. This is known as “phishing”, and you’ll find parts of the con that look real enough, but view the details in a different light and you won’t find yourself so easily fooled.
Look at the SMS sender ID
For starters, check out the sender ID of the text message you’ve been sent. If it purports to be from a big company, yet comes from a standard mobile number, you can bet it’s definitely fake.
While it is possible for scammers to fake some company names (or get near enough to be convincing enough), many are locked off and can’t be used. When it comes to Apple, you can bet that’s definitely the case. As a result, this scam is missing a proper sender ID, and is just another phone number.
Don’t bother calling back that phone number, either. It’s probably just been spoofed to begin with, and the person who actually owns it has no idea their number is being used for a scam.
The URL looks dodgy, too
It’s not just the sender ID that looks wrong, but also the website you’re being asked to click on.
Scammers can’t use a real website address for their scams, so they’ll either go for something similar, or so outlandish and crazy that you wouldn’t think about the end result.
But thinking about both can save you from being scammed, and in the case of what’s appearing in this scam attempt, the website is not from Apple or its other service, iCloud.
Other details
If you accidentally find your way to the page, there are other details, though these might not be as obvious upon first glance.
For instance, we found the toolbar up top was just an image, as was the menu section at the bottom of the page. The lack of font control is very unlike Apple, too, but it might be passed off by the casual glance as taking too long to download.
However, one consistent detail in phishing scams like this is that none of the links work except for the ones designed to get your password.
In this scam, that is definitely true: the only link that works is one to reset your password, and it only goes to the real Apple location so you can reset it and hand it over to the scammer.
But you should definitely not do that. If you find your way to a scam website, do one other thing…
Check the website address in your browser
We’ve already noted that you should check the website address on the dodgy SMS, but if you accidentally click on that link, make sure to check the URL inside your web browser.
Remember that scammers can’t just use the website from another company. They have to make their own dodgy equivalents, and host them somewhere else.
Because they can’t just use apple.com or icloud.com, they’ll often have something different, and that’s your big clue. If the website address isn’t right, the website isn’t right, either.
Don’t fall for the con.
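For readers who filter or triage reported messages, the address check described above can be automated. The following is an added example, not part of the original article: the function names and the sample links are constructed for illustration, and the only domains treated as genuine are the two the article names.

```python
from urllib.parse import urlsplit

# The two domains the article names as genuine.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")


def link_host(url: str) -> str:
    """Return the lower-cased hostname a browser would actually connect to."""
    if "://" not in url:
        url = "https://" + url  # links in an SMS often omit the scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed address: treat as having no usable host
        return ""
    return host.rstrip(".").lower()


def is_official_apple_link(url: str) -> bool:
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    # Compare on label boundaries: "notapple.com" and "apple.com.<other>"
    # both contain the text "apple.com" but are different sites.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(urls):
    """Return (url, host, verdict) for each link, for a report or a filter."""
    return [(u, link_host(u),
             "official" if is_official_apple_link(u) else "not Apple")
            for u in urls]


if __name__ == "__main__":
    # Constructed sample links using reserved example domains.
    samples = [
        "https://support.apple.com/",
        "icloud.com/find",
        "https://apple.com.account-check.example/login",
        "https://apple.com@login.example.net/reset",
        "https://notapple.com/",
    ]
    for url, host, verdict in triage(samples):
        print(f"{verdict:10} host={host:35} {url}")
```

The check reads the hostname rather than searching the whole address for "apple.com", because text before an "@" or in front of another domain name does not decide where the browser goes.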
When in doubt, just search
If you’re concerned for any reason, delete the message and just do a search from your browser of choice.
Apple iPhone, iPad, and Mac owners with an Apple account who are concerned they’ve been hacked for any reason can reset their password and log in to their Apple account at any time, but they should do it from a legitimate link, and not one supplied from a random SMS and a random phone number.
With Australians losing billions to scammers in the past few years, it’s never been more important to pay attention to your messages, and try to make sure that you’re not the next person to fall into a text scam rabbit hole, or any other sort of scam, either.