According to Broadcom, phishing actors have been focusing more on Apple IDs lately due to them being widely used, giving them access to a large number of potential victims.
These credentials are extremely valuable as they grant control over devices, access to personal and financial information, and the potential for unauthorized purchases to generate revenue.
In addition, Apple's strong brand reputation makes users more prone to trusting deceptive communications that seem to be from Apple, which makes these targets even more appealing to cybercriminals.
Phishing campaigns have mostly been taking place through email, but there has been an increase in malicious SMS, also known as smishing. There was a recent case in the United States where an individual distributed harmful SMS messages.
Many users from social media platforms and forums have also reportedly receiving smishing messages which is usually accompanied with a malicious link for them to click.
An example of the observed malicious SMS read: “Your lost iPhone XR has been found by the Police Department Check the details. https://findmy-iphone-maps[.]com/tayo Sincerely, Apple Support”
Smishing actors often limit access to their malicious websites to users on mobile browsers and specific regions in order to avoid detection by monitoring systems.
However, in this case, the malicious website can be accessed from both desktop and mobile browsers.
They have added a CAPTCHA that users must complete to enhance the perception of legitimacy. Following this, users are directed to a webpage that resembles an outdated iCloud login template.
Phishing campaigns aimed at Apple IDs have been around for a while, but they have become more advanced. Cybercriminals take advantage of the trust users have in the Apple brand to create extremely convincing fake communications.
These messages frequently imitate official Apple notifications and prompt users to take immediate action to protect their accounts. Users frequently fail to recognize signs of fraud due to the urgency and familiar branding.
The use of CAPTCHA in the recent smishing campaign is quite concerning. CAPTCHAs are commonly employed to distinguish between human users and bots, providing a sense of authenticity to the deceptive website.
After users finish the CAPTCHA, they are redirected to a deceptive iCloud login page, where their login information can be stolen.