As Black Friday fuels a shopping spree worldwide, cybercriminals are capitalising on the chaos with two alarming scams targeting about two billion Apple users. The first is a warning that your Apple ID has been suspended due to suspicious activity, while the second lures victims with fake iCloud storage upgrade offers.
Both schemes aim to steal credentials by leveraging urgency and AI-generated precision, making them harder to detect and even more dangerous during the busy holiday season.
According to Forbes, the first scam mimics an official announcement from Apple. The scammers' primary goal is to lure victims into clicking a link that leads to cloned websites designed to steal login credentials. When victims see a message claiming that their Apple ID has been suspended, they panic and often follow the steps mentioned in the email.
In a related campaign, fraudsters target Apple users with fake iCloud storage alerts. These messages, distributed via email and SMS, claim the user’s iCloud storage is full and offer a free upgrade through a fraudulent link. The links direct victims to a cloned Apple website where login credentials are harvested.
As with the ‘Apple ID suspended’ scam, the primary objective is to gain control of the victim’s Apple ID, granting the attackers access to sensitive data and enabling unauthorised purchases.
These scams are becoming increasingly sophisticated, with some even incorporating methods to bypass two-factor authentication (2FA), heightening the risk for unsuspecting users. A hallmark of these schemes is emotional manipulation, such as creating a sense of panic or urgency.
Apple has issued a clear warning to its users, offering practical tips to spot and avoid falling for phishing attacks. These include verifying personal information, avoiding sharing sensitive information online, and checking sender details and email language. Phishing emails usually use urgent wording so that the victim doesn’t have enough time to think about the situation.
Apart from these two scams, several other phishing attacks also target Apple users. For example, there’s the “Your iOS/iPhone is damaged” pop-up scam and the “Apple iTunes 866-712-7753 charge scam.”