'Your Apple ID Is Suspended': New Phishing Scam Targets iPhone, iPad, Mac Users
The attack targets users of any Apple device that requires an Apple ID.
Cybercriminals are reportedly targeting Apple device users in a new phishing email attack using a very convincing and urgent call to action: your Apple ID has been suspended or your Apple ID is suspended.
The attack is targeted towards users of iPhone, iPad, MacBook, iPod or any device that requires the use of an Apple ID. Given that there are over 2 billion active users of Apple products, the attack surface is huge and a ripe target for hackers. Additionally, Apple products have a premium audience, which makes it even more alluring for cybercriminals to target this demographic.
iPhone users have in the past reported other phishing tactics, such as “your iCloud storage capacity is nearly full,” along with upgrade offers for users who take the bait.
These phishing emails with seemingly convincing tone are increasingly made using artificial intelligence, with the objective of tricking the users into clicking a link. The fraudulent link then leads them to a website where their account credentials can be stolen. The attack further uses 2FA-bypass techniques, which makes it even more dangerous.
Additionally, the phishing emails may even say that Apple has detected unusual behaviour on your account or that the account has been hacked, to further draw victims to take action by clicking malicious links.
Apple advises users to recognise a phishing attack by watching out for the following:
In an effort to establish credibility and appear genuine, scammers frequently bring up personal information about you.
Scammers frequently pretend to want to assist you in solving an urgent problem.
In order to prevent you from having time to think and to discourage you from contacting Apple directly, scammers typically instil a sense of urgency into taking action.
Scammers will ask for your account information or security codes.
Apple further advises that the company will never ask that you log in to a website, enter your password, device passcode, or two-factor authentication code, or tap Accept in the two-factor authentication dialogue.