Hackers are beginning to target Apple iPhone users by sending them text messages that appear to be from Apple. The text message have messages indicating that a lost device has been found and use URLs that have Apple product names in them such as: apple.com-support[.]id, apple.com-findlocation[.]id, apple.com-sign[.]in, apple.com-isupport[.]in, icloud.com-site-log[.]in
There is a widespread belief that Apple products are inherently more secure than Android or Windows devices. Inherent security doesn’t matter here, if the hacker can convince you to install their viruses and malware it is game over for you.
Of course, other companies, especially Microsoft, have been battling this for years. The part that is unique here is the SMS delivery and Apple-specific targeting.
How do you respond? After 20 years of telling people not to click on links, we’ve discovered that doesn’t work: they are going to click.
- Turn on multi factor authentication for everywhere that supports it. Do not limit this to the “important” sites.
- Store information on systems that use AI to detect usage that is different from your, unique, usage and alert you when something is amiss, like the credit card companies do for travel.
- Assume that people are going click and design your security around that, instead of assuming that they can and will accurately determine the safety of links.