The attack relies on users not being careful and introducing their login details. These are then saved and scammers either takeover the accounts or sell them on the black market. SMS campaigns which promote phishing attacks are referred to as smishing campaigns. These are nothing new and scammers have used them before too. This recent attack didn’t stop at collecting just the Apple login information. After a user was fooled into supplying the initial details, he is then asked to enter Credit Card details and answers to various security informations that he most likely already has set up on his original Apple account.
While attackers might have people fooled with convincing looking replicas of Apple’s website, experts advise us to look for the following telltale signs of a scam:
-Apple never sends SMS to its customers
-Always check the domain name and its security certificate
-Enable two-step verification