Apple reminds people how to stay secure following recent attacks

2024 has been filled to the brim with phishing and Apple ID attacks (including a by-text iCloud phishing scam that just arose today and the very first trojan horse attack against iPhones (dubbed 'GoldPickaxe')), and we only just finished the first half of the year (oh, and that's unbelievable that we're already on the second half of 2024, right?)! Because of this, Apple has just reminded users about how to stay secure, with 18 tips and things to look out for (condensed by me from 29) in all (8 for preventing scams, 7 for identifying scams, and 3 for doing something about a scam). Anyway, let's get on with the tips!

The first category is preventing scams. Here are the tips!

• Never pay someone with any gift card (including an Apple Gift Card).

• Never answer suspicious calls/messages which look like they're from a trusted company like Apple (especially a bank).

• Never give your Apple ID password or Apple ID verification codes (or any other verification code, for that matter) to anyone, not even people claiming to be Apple Support (the real Apple Support never asks for info like this). Also keep contact info updated and secure and use 2-factor authentication (2FA).

• Never open links/attachments or save attachments in messages/emails that look unsolicited/suspicious.

• Think of Apple Cash messages to and from you like any private transaction. Also, read this Apple Support document (https://support.apple.com/en-us/102406) to learn to know when App/iTunes Store purchase emails are legit.

• Download software only from trustable places.

• Go to https://www.apple.com/privacy/control/ to learn about keeping secure.

• Never share personal/security information like verification codes or passwords Never follow someone's directions to enter personal/security information into a website either.

Now that those tips are done, let's move on to signs to look for when identifying scams!

• Scammers like to show a desire to fix an urgent problem (like someone tracking your location unauthorizedly).

• Scammers might ask you to disable features like 2FA because, for example, "if you disable Stolen Device Protection, you'll protect yourself from further unauthorized location tracking". This is a trick, and Apple never asks you to do anything like this.

• They most of the time like to threaten you away from calling Apple, for example by saying that "you can call Apple if you want, but the location tracking won't be stopped, and you'll be the one liable for the tracking".

• If a call (even one that is, according to the phone number, from a known company like Apple) seems suspicious, hang up and call that company yourself.

• Scammers like to befriend you before performing the big attack, especially by talking about personal/security info they already know.

• At the end comes what the scammers are waiting for, getting your personal/security info. At this final step, they often give you a link to a sign-in website (something Apple never does) seeming to be a sign-in page from a known company like Apple and tell you to verify yourself (Apple never asks you to say Accept in a 2FA dialog or give them/enter your Apple ID password, 2FA code, or device password).

• Another tactic in a scammer's arsenal is texting/emailing you to tell you you need to give away personal/security info. If one or more of these things are true: a message is much different in design than other messages from the same company (like Apple), a message carrying an attachment is unsolicited, the message sender's email address or phone number does not match the company that the sender appears to be in, the message wants you to give personal/security info, a link URL does not match the website of the company that it appears to be part of, or the phone number or email address the sender used to send the message to you is different than the phone/email you gave to the company being impersonated.

Now that you know what a scam call, email or text looks (or sounds for calls) like, let's see how to do something about scams! Here are the tips!

• Forward suspicious emails to reportphishing@apple.com, and for messages send a screenshot to the same reportphishing@apple.com. Or you can say a message or email is worthy of the title of junk (with messages, you can block unknown senders or specific numbers as well). Any abuse-containing email should be reported to abuse@icloud.com.

• For suspicious FaceTimes, tap the "i" next to the suspicious FaceTime, take a screenshot of the call info that appears, and then send it via email to reportfacetimefraud@apple.com. For suspicious FaceTime links, take a screenshot of the link (make sure it has the email/phone of the link sender) and email it to the same reportfacetimefraud@apple.com.
  

• Report scam calls to local law enforcement (or, in the US, report them to the Federal Trade Commission at reportfraud.ftc.gov).

Now you know how to protect yourself from scams! Bye!

By Leo