SMS, iMessage, calls: Apple explains how to avoid becoming a phishing victim
In a recent support document, Apple explains current attacks on customers. A central security problem with Apple ID protection remains.
Apple logo on the back of a device with a warning symbol.
(Image: Sebastian Trepesch)
In a recently published memorandum, Apple has warned of various forms of attack that seem to be affecting more and more customers. The support document is intended to help recognize and avoid "social engineering schemes such as phishing messages, fake support calls and other scams", writes the company. In addition to detection options, it also describes how to report scam attempts to Apple so that they can be blocked for other customers.
How attackers impersonate Apple
Scam and spoofing attempts, in which the attackers pretend to be Apple employees, seem to be occurring more frequently again recently. Known Apple numbers are also being used. The company recommends calling back if necessary to check that the number is actually correct. It also warns that attackers may have access to private data from hacks, build up pressure, request further account information such as security codes and also attempt to bypass iPhone security functions such as protection for stolen devices.
Apple provides further tips on how to identify fraudulent emails and text messages and what to do if the browser behaves strangely. Phishing attempts should be reported to reportphishing@apple.com, FaceTime scam attempts to reportfacetimefraud@apple.com - preferably with screenshots and/or further details. iCloud attacks should be reported via abuse@icloud.com.
MFA can still be bypassed via telephone number
No matter how hard Apple tries to educate customers who are not familiar with security issues: For years, the company has left a gap in the security of its Apple ID that security experts have repeatedly warned about. This is the fact that it is still mandatory to enter a telephone number that can be used to reset an account. It can also be used as an alternative log-in method instead of Apple's own multi-factor authentication system (MFA).
The problem with this is that so-called SIM swapping attacks continue to occur, in which crooks steal users' phone numbers. In connection with the spread of eSIMs, the situation has actually become even worse because there is no longer even a need to wait for the card to be sent. While other companies have therefore completely decoupled their MFA systems from telephone numbers, Apple continues to rely on them - probably also for the convenience of its customers.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
