Apple is warning of an on-going phishing attack that targets Apple and iPhone users through SMS (“smishing”) or emails. These messages appear to be from Apple and ask you to visit a fake iCloud website to log in, where they can steal your Apple ID credentials and potentially all of your data.

Apple advises users to be cautious of any message urging them to log in urgently. Don’t share personal information or click any links in suspicious messages. Always enable two-factor authentication. Report suspicious messages directly to Apple via contact channels you know to be legitimate.

Here’s how to protect yourself:

• Double-check the URL: A real Apple address will include Apple.com or iCloud.com, not random domains.
• Apple logins don’t use CAPTCHAs: Apple uses Touch ID, Face ID or a code sent to your device.
• Update your iOS: Latest updates often include security patches.
• Only use the Apple App Store to download software or applications, and verify developer information, security and permissions.
• Never use gift cards for payments: Apple will never request you make payments using gift cards.

Remember, no device is 100% safe. Be cautious and don’t click suspicious links, even if they seem to come from Apple.

Click here to learn more about how to protect your Apple devices from scams and phishing attempts.
Click here to learn more about scams here at the University and Medical Center.