The updated data follows fresh studies of “smishing” attacks focused on Apple IDs. The sinister actors were sending SMS text messages that trick customers into lending their Apple ID username and password to a fake iCloud site.
Apple’s guidelines provide important information that all users should pay attention to for their own safety, such as the advice to forget messages containing suspicious hyperlinks. Apple says it will no longer ask for an Apple ID password or verification code, and users will have to contact Apple immediately in exchange for responding to any suspicious phone name or message claiming to be from Apple.
Additionally, Apple will not ask customers to visit any site, tap to settle in a two-factor authentication conversation, or enter a two-factor code into any site. Apple can also no longer request that customers disable features like two-factor authentication, Find Me, or stolen software coverage. Apple’s security prompts:
- Do not share personal data or security information such as passwords or security codes in any way, nor agree to enter them into any webpage that someone directs you to.
- Protect your Apple ID. The importance of two-factor authentication, keep your Touch data reserved at all times, and never share your Apple ID password or verification code with anyone. Apple never asks for this data to backup.
- By no means does Apple present playing cards important enough to foot the bill for the alternative crowd.
- Learn how to determine the official Apple email about your App Bind or iTunes Bind purchase.
- Learn how to maintain your Apple units and knowledge base.
- Get tools only from resources you believe to be true.
- Do not view hyperlinks or incomprehensible links or save attachments in suspicious or unsolicited messages.
- Do not respond to suspicious telephone calls or messages claiming to be from Apple. In turn, contact Apple immediately through professional backup channels.
Scammers will go to great lengths to obtain personal data, so Apple recommends paying attention to tactics like developing a sense of urgency through scare techniques like stealing personal data or unauthorized charges. Scammers subsequently give login data and security codes, so that the data cannot be entered on a site accessed via a hyperlink in text or email.
Apple additionally warns against downloading unrecognized, unsecured device and configuration profiles and following the instructions on the pop-up. Customers who receive the pop-up should forget the message and all associated windows or tabs.
Apple has additional guidelines on social engineering schemes, the ways in which schemes can be removed, and the way suspicious emails, messages, and contacts can be handled by Yelp. There is a Sovereign Backup report on what to expect from an Apple backup and what types of data Apple will not request.