Apple Users the Lone targets of Scammers — 7500 plus Users affected by Latest SMS-Phish Campaigns Already!
Reports suggest that SMS Phishing campaigns are on a rise this summer and particularly Apple users are being targeted. The latest discovery by security gurus at Intel security (previously McAfee, Inc) is a clear proof of that.
Security experts at Intel noticed two new campaigns on July 22nd and July 27th respectively. These campaigns were smishing campaigns, which means these were SMS based and so tricky that they immediately managed to con a huge number of Apple users, approx. 7,500. According to experts, their security products identified that the campaigns were purely Smishing because of a suspicious SMS message being circulated via a US-based cell phone number.
Thus, it becomes obvious that malicious links are being distributed via SMS. As soon as the users click on these links they are redirected to specially designed phishing pages or already hacked websites. These pages were created to steal authentic Apple login IDs and credentials of the users. The Smish messages have an email like format as there are email-specific fields in the message such as MSG and FRM. However, the malicious links have been found hiding behind short URLs like Bit.ly.
Screenshot shows content of smishing text messages / Source: Intel-Mcafee
Recipients of these tricky text messages were informed that they needed to verify their Login details as soon as possible otherwise their account will be locked by Apple. Also, just like it happens in any malicious message/email, users were asked not to ignore the and do not regard it as spam. The message also contained a link that was supposedly leading them to the page where Apple needed them to verify their login credentials.
Screenshot shows content of smishing text messages after once user is redirected to a scammy or already hacked site / Source: Intel-Mcafee The final step! / Source: Intel-Mcafee
It has been identified that US-based users were the primary targets of these two campaigns that are running parallel to each other currently. Around 1,765 and 5,784 users have already clicked on the malicious link provided in the SMS messages from the two campaigns.
This is the first time when researchers have found large-scale smishing attacks on Apple users. In the past, Android users were found under attack in which a phishing text message was infecting Android devices and replacing existing banking apps with a malware. In another research RuMMS malware was infecting Android devices through smishing.
Apple or Android users, it doesn’t matter as cyber criminals see you as a target for your bank account not for the smartphone or OS you choose. So in case you receive unknown texts messages with aforementioned links DON’T FALL for it and NEVER click such links.