Apple IDs Targeted in US Smishing Campaign

Summary:
Symantec recently published a security bulletin warning about a phishing campaign targeting Apple users in the United States. These campaigns are mostly conducted via email but have increasingly been deployed via malicious SMS text messages (smishing). Researchers note the end goal is to target Apple IDs, which can give actors control over devices and access to victims’ personal and financial information. In one example observed by Symantec, an end user received an SMS message claiming to be from Apple, prompting the user to visit a link in order to complete an important iCloud request. To create a sense of urgency, the message claims that the request must be completed in order to continue using the service. If the user clicks on the link, they are directed to a webpage that mimics an outdated iCloud login template and is designed to gather credentials. Researchers note that before this site can be accessed, the user must complete a CAPTCHA prompt. “Typically, smishing actors restrict access to their malicious websites to users on mobile browsers and specific regions to evade detection by monitoring systems. However, in this instance, the malicious website is accessible from both desktop and mobile browsers,” states Symantec in its security bulletin.

Security Officer Comments:
The latest campaign highlights a trend of cybercriminals masquerading as popular vendors and brands to infect users with malware or collect credentials for account takeovers. According to Symantec, Apple's strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cybercriminals. Apple is not the only company that has been targeted in smishing campaigns lately. In particular, the operations team has received countless USPS-themed SMS text messages asking recipients to click on a link and update shipping details so that a package can be delivered.

Suggested Corrections:
Users should be wary of incoming messages from unrecognized senders asking them to click on a URL. In general, messages containing grammatical and spelling errors, and offers that are ‘too good to be true’ or that require urgent action, should be avoided. Before entering credentials, users should check the authenticity of the site, as actors are actively setting up fake domains to collect credentials for various platforms, as seen in the latest campaign. If you are expecting a shipment, for example from USPS, you should defer to the company’s official site for shipping and tracking updates.

Link(s):
https://www.broadcom.com/support/se...in/apple-ids-targeted-in-us-smishing-campaign