The new cyberattack targeting iPhone users is a phishing campaign aimed at obtaining individuals' Apple IDs2. Cybercriminals send text messages that appear to be from Apple, attempting to steal personal credentials. This attack is known as "smishing," where criminals use fake text messages from reputable organizations to lure people into sharing personal information.
Cyber criminals are executing the phishing campaign by sending text messages to iPhone users in the U.S. that appear to be from Apple. These messages attempt to steal victims' personal credentials by encouraging them to click a link and sign in to their iCloud accounts. The link directs recipients to a fake iCloud login page, where their Apple ID credentials can be compromised.
Apple IDs are considered valuable by cyber criminals because they provide access to a vast pool of potential victims, control over devices, personal and financial information, and potential revenue through unauthorized purchases. The strong brand reputation of Apple further compounds the issue, as users are more likely to trust communications that appear to be from the tech giant, making it easier for cybercriminals to deceive users into divulging their credentials4.