Symantec researchers discovered a loophole in how iPhone users pair devices with Mac workstations and laptops, which they named Trustjacking4. Attackers can exploit this flaw to take over devices without the phone owner's knowledge, potentially gaining access to the user's smartphone screen, installing or removing apps, and triggering remote backups4.
Attackers make the phishing SMS seem legitimate by implementing a CAPTCHA for users to complete and directing them to a webpage that mimics an outdated iCloud login template2. Additionally, they use fear-factor wording such as "act now" and "important" to force people to act with greater success.
After iPhone users complete the CAPTCHA in the SMS phishing campaign, they are directed to a webpage that mimics an outdated iCloud login template2. On this page, attackers encourage users to hand over their Apple ID credentials, which can give them control over iPads and iPhones, access to personal and financial information, and potential revenue through unauthorized purchases.