As the clocks went back an hour in the UK, hackers began targeting Apple users with a phishing scam in the hopes of stealing personal details. Via the new campaign hackers posing as Apple send out a scam SMS, which informs users about the immediate expiry of their Apple IDs.
It contains a link that redirects users to a fake Apple ID login page and prompts them to enter their username, passwords and other sensitive information such as card details, passport number, driving licence number and mother's maiden name.
The phishing SMS reads, "Your AppleID is due to expire Today, Please tap [url] to update and prevent loss of services and icloud accounts."
Twitter user Simon Rae-Scott first sounded the alarm about the SMS phishing campaign, also called smishing, when he posted a screenshot of the scam SMS on Twitter, Graham Cluley reported. He claimed that the hackers had timed the campaign to go live to "cleverly to coincide with UK changing of the clocks".
Smishing campaigns are one of the common tools used by online scamsters to steal sensitive user data, without alerting users of any suspicious activities. This method provides hackers enough time to infiltrate user accounts and obtain data while users generally remain clueless about the loss of their data. Phishing campaigns also provide hackers with the ability to go after a wide range of targets, so as to ensure more profits.
This is not the first time that Apple users having been targeted via a phishing campaign. In May, Apple users in the UK were targeted with similar attacks, wherein users received text messages that claimed that their iCloud account had been deactivated. In June, cybersecurity firm FireEye noted that Apple users in China as well as UK were being targeted by "several phishing campaigns".
The consistent phishing scams even prompted Apple to issue a warning to users to be wary of suspicious emails and/or text messages.