Update, Nov. 27, 2024: This story, originally published Nov. 25, now includes information about a second Apple ID phishing scam and more expert advice for iPhone, iPad and MacBook users on how to best avoid falling victim to Black Friday and Cyber Monday scams.
With Black Friday almost upon us, it’s no wonder the scammers are out in force. While it may be a well-used phishing tactic, the cybercriminals behind the latest attack targeting all users of Apple devices have honed their craft into a highly believable warning that demands action: your Apple ID is suspended.
Your Apple ID Is Suspended Scam Explained
With more than 2 billion active users of Apple devices, be that an iPhone, iPod, MacBook or anything else that requires the use of an Apple ID, it’s not really surprising that this technological demographic is a prime target for cybercriminals, especially as the costs of being within the Apple ecosystem mean they are broadly seen as an affluent group. We’ve already seen scams sent to iPhone users claiming that their iCloud storage capacity is nearly full and, of course, offering an upgrade to anyone foolish enough to click the take action button. Now it’s a similar, but more urgent, threat that is being used as people want to flex their spending power during the Black Friday sales.
Increasingly composed by AI-driven implementations of criminal large language models, these fake emails are often extremely close to the real thing in appearance and tone if not intent. Like other AI-powered support scams, these highly-convincing frauds are designed with one thing in mind: getting the recipient to click on an action button that takes them somewhere that can steal their account credentials. Be warned that the hook will be just as convincing as the bait in most cases, sometimes complete with 2FA-bypass methodologies built into the attack.
In order to leverage as much fear as possible, the email will likely claim that Apple has noticed suspicious activity on your account, or that it has been outright hacked and so requires further action from you to protect it.
“Phishing scams like the Apple ID Suspended scheme are becoming increasingly prolific and under immediate urgency,” Jake Moore, a former digital crimes law enforcement officer and now global cybersecurity advisor at ESET, said, “many people are still manipulated by the clever tactics used by criminal hackers.”
Apple Offers Scam Protection Advice For All Users
“If you’re suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money,” Apple said, “it’s safer to presume that it’s a scam.”
Apple gives the following advice for users to identify a phishing attack:
- Scammers often mention personal information about you in an attempt to build trust and seem legitimate.
- Scammers will often convey a desire to help you resolve an immediate problem.
- Scammers usually create a strong sense of urgency to avoid giving you time to think and to dissuade you from contacting Apple yourself, directly.
- Scammers will request your account information or security codes.
“Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website,” Apple said.
“It is important to verify the sender’s email address for any discrepancies and avoid clicking on suspicious links as this is where scams often begin,” Moore concluded, “if you are ever in doubt of an Apple ID issue, go directly to the official Apple website to double check.”
As Retailers Ignore Full DMARC Protections, Apple Users Need To Stay Alert To Scam Risks
One of the anti-spam, and so also anti-scam, defenses I’ve written about a lot over the years is something called DMARC. The expanded version of that acronym is Domain-based Message Authentication, Reporting, and Conformance, which I won’t be using again for obvious reasons. A recent Proofpoint analysis of DMARC implementation across a number of leading retailers uncovered a worrying statistic as the Black Friday and Cyber Monday sales weekend descends upon us: only 60% used the most strict level of protection offered by DMARC. While a handful didn’t use DMARC protections at all, that retailer majority not implementing the most robust of anti-scam email measures is a concern.
Why so? Because scammers and hackers will often use brand impersonation to fool shoppers into clicking a link that supposedly leads to a “too-good-to-be-true” offer and DMARC exists to fight back against such email domain trickery by providing strict authentication measures. “As with most things,” Matt Cooke, a cybersecurity strategist at Proofpoint, said, “if an offer seems too good to be true or cannot be verified as legitimate marketing you’ve signed up for, recipients should avoid clicking on any links.”
DMARC authenticates a sender’s identity, and this is the crucial bit, before allowing a message to reach its intended destination. It does this using three levels of protection: monitor, quarantine and reject. Only the latter stops the phishing email dead, while quarantine sends it to your spam folder where it could still get picked up, read and potentially actioned.
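The monitor, quarantine and reject levels described above are published by a domain as the p=none, p=quarantine and p=reject values of its DMARC DNS record. As an added example (not code from the original article or from Proofpoint), this Python code classifies DMARC records into those levels; the domains, records and function names are constructed for illustration.

```python
# Added example: classify DMARC TXT records by enforcement level.
# Every domain and record below is a constructed sample, not a real lookup.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

SAMPLES = {
    "shop-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example",
    "shop-b.example": "v=DMARC1; p=quarantine; pct=50",
    "shop-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example",
    "shop-d.example": None,  # nothing published at _dmarc.shop-d.example
    "shop-e.example": "v=spf1 include:_spf.shop-e.example -all",  # SPF only
}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    if not txt or txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None  # RFC 7489: v=DMARC1 must be the first tag
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def enforcement(txt):
    """Map one TXT record to (level, note); level is one of the article's
    monitor / quarantine / reject, or 'absent' when no policy applies."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "absent", "no DMARC record: receivers get no policy to apply"
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:
        # RFC 7489: a missing or invalid p= with a rua= is handled as p=none
        if "rua" in tags:
            return "monitor", "unusable p= tag, treated as p=none"
        return "absent", "record has no usable p= tag"
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if level != "monitor" and pct < 100:
        return level, f"partial: policy applies to only {pct}% of failing mail"
    notes = {"monitor": "report only, spoofed mail is still delivered",
             "quarantine": "failing mail goes to the spam folder",
             "reject": "failing mail is refused outright"}
    return level, notes[level]


def audit(samples):
    """Return {domain: level} for a mapping of domain -> TXT record (or None)."""
    return {domain: enforcement(txt)[0] for domain, txt in samples.items()}
```

Calling audit(SAMPLES) returns the level for each constructed domain, and enforcement() also flags a pct value below 100, where the published policy covers only part of the failing mail.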
Proofpoint advises that all consumers adhere to the following guidelines in order to remain safe over the Black Friday weekend:
- Avoid reusing the same password—use a password manager.
- Be wary of fake websites that imitate well-known brands.
- Remain vigilant for phishing emails that direct to unsafe websites aiming to gather personal data, such as login credentials and credit card details.
- Exercise caution with SMS phishing and messages received via social media.
- Refrain from clicking on links; instead, manually enter the known website address into your browser to access advertised deals.
- Confirm before making a purchase.
In addition to these guidelines, Adrianus Warmenhoven, a cybersecurity expert at NordVPN, said that consumers should:
- Only give as much information as needed: a legitimate website will only request details needed to make a transaction and ship your order.
- Monitor your bank statements: one of the best ways to ensure you aren’t being scammed is by monitoring your bank statements online or via mobile banking. Doing this allows you to not only keep track of purchases and costs but can also help you respond quickly in case you notice a suspicious transaction.
Your Apple iCloud Account Requires Immediate Attention
As I mentioned earlier, there are other phishing scams that specifically target Apple users, and one of these is known as the iCloud upgrade scam. This has been seen distributed by email and also using SMS text messages. The latter, if my inbox is anything to go by, has seen a return to favor among fraudsters of late. This is what Apple users need to look out for.
In many ways, this campaign is very similar to the Apple ID is suspended scam in that it instills a sense of urgency in the victim regarding a core Apple service. In this case, it’s your iCloud account, and the messages will either tell you there is a problem that needs to be addressed immediately or inform the recipient that their iCloud storage allocation is almost full and they can “click here” for a free upgrade.
As before, the messages will appear to come from Apple and appear to direct you to a genuine Apple site, but appearances can be deceptive, and most certainly are in this case. The site will be cloned, often protected by a CAPTCHA or similar system, and you will be required to confirm your login credentials before you can claim your “free” storage allocation or even find out what urgent matter requires your attention.
Also, as before, the target for the attacker is control of your Apple ID, which leads them to valuable data and, of particular import as we fast approach the Black Friday to Cyber Monday long retail weekend, the ability to authorize purchases.
All the previous precautionary mitigations apply to this Apple scam as they do to any other. Regarding the use of two-factor authentication, as already recommended, I would go one step further and suggest you consider changing your login methodology to that of an Apple Passkey if you are using the latest version of iOS. Whatever, please be careful out there.