Apple ID smishing evolves to lure more victims

Smishing is nothing new. We’ve been warning readers of We Live Security about SMS phishing attacks (also known sometimes as SMSishing) for years.

But even if they’re not new, they continue to pose a threat to many smartphone owners and – in some cases – have even been seen to evolve as scammers attempt to trick more users into handing over their precious credentials.

The widespread popularity of Apple technology, in particular iPhones and iPads, has made the smishing of Apple ID passwords a focus area for some criminals.

In a typical campaign, messages are spammed out to smartphone users, containing a link.

The messages will often suggest that your Apple ID has expired, or that your account has been temporarily frozen as a security measure until you have confirmed you are the real owner.

The intent of the scammer is always the same – to dupe you into clicking on a link which goes to a fake Apple ID login page. On that phishing page your Apple ID and password will be grabbed, and – in some cases – the attackers may push their luck even further by asking for your credit card details and other personal information.

And, as you can see from the following screenshot, the phishing sites aren’t just designed to entrap English-speaking Apple users.