A security firm has issued a new warning for iPhone users regarding a sneaky SMS attack targeting Apple IDs. Symantec researchers have discovered a phishing campaign where attackers are sending malicious SMS messages to iPhone users in the United States.

The fraudulent SMS messages prompt users to visit a fake iCloud login page with a message stating, ‘Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services.’ To add credibility, the attackers have included a CAPTCHA for users to complete before redirecting them to a deceptive webpage mimicking an outdated iCloud login template, where users are tricked into providing their personal information to the attackers.

According to Symantec owner Broadcom, Apple ID credentials are highly sought after by cybercriminals as they provide access to iPads and iPhones, personal and financial information, and potential revenue through unauthorized purchases.

Apple’s strong brand reputation makes users more vulnerable to falling for deceptive communications that appear to be from Apple, the security firm cautioned. While Apple ID phishing attacks typically occur via email, SMS phishing, also known as ‘smishing,’ is on the rise.

Smishing attackers often limit access to their malicious websites to mobile browsers and specific regions to avoid detection. However, in this recent case, the malicious website is accessible from both desktop and mobile browsers, as noted by Broadcom researchers.

To protect against these new iPhone SMS attacks and the increasing targeting of Apple IDs, users are advised to remain cautious of any links embedded in text messages, especially from unknown sources. Global cybersecurity advisor at ESET, Jake Moore, warns that attackers are using fear-inducing language like ‘act now’ and ‘important’ to manipulate users into taking action, emphasizing the importance of vigilance when receiving unsolicited messages.