![\"iOS_Smishing_SMS\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_SMS-300x179.png\")
<\/p>\nMcAfee Mobile Research recently found an active phishing campaign targeting iOS users via SMS messages. The message\u00a0tells users that their\u00a0Apple accounts have\u00a0been temporarily locked to trick them into accessing a phishing site and steal the real Apple credentials. Here is an example of an SMS message from this campaign:<\/p>\n
<\/p>\n
The message pretends to be an email using familiar fields such as FRM, SUBJ, and MSG. According to bit.ly, the shortened URL in the preceding message was created on July 27 and points to a PHP file in a hacked website:<\/p>\n
![\"iOS_Smishing_link1_done\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_link1_done.png\")
\nThe PHP file redirects victims\u00a0to another hacked website with a web page that pretends to be from Apple and tells users that their\u00a0Apple accounts have been temporarily locked and that they need to \u201csafely\u201d re-confirm the account information by clicking on a link that appears\u00a0to go to Apple:<\/p>\n
![\"iOS_Smishing_FakeSite\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_FakeSite.png\")
\nThe fake website also threatens victims\u00a0with the closure of their accounts if the \u201cverification\u201d is not done before a specific date (in this case July 28, which confirms that the campaign is active). The bogus notice\u00a0includes a message in red asking readers to mark the message as \u201cNot Spam,\u201d suggesting that this site was initially prepared to target users via email. Users who click on the link are\u00a0redirected to an “Apple” phishing site that will steal the credentials:<\/p>\n
![\"iOS_Smishing_Phishing\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_Phishing.png\")
\nAccording to bit.ly, the shortened link in the smishing message has been clicked more than 1,700 times, mostly on July 27:<\/p>\n
![\"iOS_Smishing_clicks1\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_clicks1.png\")
\nThe origin of most of the clicks is from the United States:<\/p>\n
![\"iOS_Smishing_clicks1_countries\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_clicks1_countries.png\")
<\/p>\n
Another active campaign started on July 22 with the following SMS:
\nFRM:apps
\nSUBJ:New message
\nMSG:i>\u00bfUrgent!! <phishing_url>
\nIn this case, the campaign has archived almost 6,000 clicks, most of them on July 22:<\/p>\n
![\"iOS_Smishing_clicks2\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_clicks2.png\")
\nAgain, most of the clicks are from United States:<\/p>\n
![\"iOS_Smishing_clicks2_countries\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/iOS_Smishing_clicks2_countries.png\")
\nPrevious campaigns (no longer active) offered\u00a0more specific messages about the suspension of an Apple account but always used the same email template (FRM, SUBJ, and MSG):<\/p>\n
FRM:<number>@text.att.net
\nSUBJ: New
\nMSG:i>\u00bfYour iTunes has been suspended until this process is completed <phishing_url><\/p>\n
Most of the time cybercriminals do not need advanced exploits and attacks to gain unauthorized access to systems or accounts. A phishing website and message can be enough to obtain credentials from victims and get full access to accounts.<\/p>\n
How can you protect yourself from this type of attack? In general be suspicious of any unwanted SMS messages from unknown numbers and think before you click. Do some research and save yourself a lot of grief.<\/p>\n","protected":false},"excerpt":{"rendered":"
McAfee Mobile Research recently found an active phishing campaign targeting iOS users via SMS messages. The message\u00a0tells users that their\u00a0Apple…<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,214],"coauthors":[1104],"class_list":["post-51621","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-mobile-security1"],"acf":[],"yoast_head":"\n