Google recently claimed that the iPhone was less safe than an Android smartphone, which can be filed under Mandy Rice-Davies Applies, or MRDA for short. Some Apple aficionados, not me, I should hasten to add, were probably laughing when Google then confirmed a bunch of scams facing their users. Such an attitude is always poorly reasoned, and often soon comes back to hit the cat-caller. Here’s an example: iPhone users are currently being warned by national security agencies that a Find My scam is in the wild that could prove costly and expose their Apple ID credentials.
Do Not Reply To This Find My iPhone Message
According to a warning issued by the Swiss National Cyber Security Center, iPhone users need to be alert to a new scam that is doing the rounds — and that means all iPhone users, wherever they might be.
“iPhone owners have received a text message claiming that their lost or stolen device has been found abroad,” the NCSC warning advised, “months after it went missing.”
The scam is a relatively simple one and, like most such attacks, relies upon leveraging knee-jerk reactions to news, good or bad. In this case, the news appears to be very good indeed. Having lost their iPhone, often weeks or months beforehand, the threat actors involved are sending compelling text messages to the owners that claim the smartphone has been found overseas. These messages, which appear to come from Apple itself, include details of the lost device. These details, the NCSC said, can be read directly from the iPhone itself and include model, colour and storage capacity.
Of course, there’s always a link, and with the Find My attack, it promises to reveal the precise location of the missing iPhone. That promise is not upheld; instead, clicking the link will take the user to a cloned Apple website and an Apple ID account credentials login page. “If you enter your Apple ID and password on this fake website,” the NCSS said, “you are giving the scammers full control of your account.”
How To Protect Against This iPhone Message Scam
The NCSC recommended iPhone users ignore all such messages, as Apple will never contact you by text message or email to let you know a lost device has been found. “If you lose your device,” the warning advised, “act immediately: enable Lost Mode straight away via the Find My app on another device or at iCloud.com/find. This will lock the device.”
You should also be wary of the details you display on your lock screen, such as contact details. These can be used by attackers to add credibility to any scam they might try to pull off. Instead, the NCSC said you should “use a dedicated email address created specifically for this purpose.”
Oh, and always make sure your iPhone SIM card is protected by a PIN to prevent a thief from getting access to your phone number to initiate such a scam in the first place. Be safe out there.
Read the full article here
