By Alan Friedman

PUBLISHED: JUL 05, 2024, 7:46 PM

A new report published today states that the 1.46 billion active iPhone users worldwide are facing a cyberattack aimed at their Apple ID. The attackers use a phishing campaign sending emails and texts designed to look as though they were sent by Apple. These fake emails and SMS messages try to get the victim to click on a link to read an important notice about iCloud. Security firm Symantec discovered this month that the links lead to fake websites that demand recipients reveal their Apple ID number. Note that the fake website features a Captcha to make it look like a real site.

This demand might be couched with phrases that make it appear urgent that this information must be turned over which is absolutely false. Apple suggests that iPhone owners add two-factor authorization (2FA) to add an extra layer of security to their Apple ID. To access your Apple account with 2FA, a user will receive an SMS message with a special one-time six-digit code that must be punched in to access your Apple account.

Make sure to enable two-factor authentication for Apple ID|Image credit-PhoneArena

Once the bad actors change your Apple ID and password, they can lock you out of your iPhone, open your banking and financial apps, change the passwords, and drain your assets in the blink of an eye. With the two-factor authorization, you still should be able to lock out the attackers so they can't change the password to your Apple ID.

To enable two-factor authorization (2FA) for your Apple ID on the iPhone, go to Settings > [Your name] > Sign-in & Security. Tap Turn On Two-Factor Authorization and then Continue. Enter a trusted phone number (the number that will be used to send you the 2FA six-digit codes) and then tap Next. A code will then be sent to your trusted phone number.

Security firm Symantec said that it released its warning on July 2nd. The company said, "These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple's strong brand reputation makes users more susceptible to trusting deceptive communications that appear to be from Apple, further enhancing the attractiveness of these targets to cyber criminals."

If you get an email or text from Apple, make sure not to click on any links. And don't forget to use the aforementioned directions to add 2FA to your Apple ID.

Alan FriedmanMobile Tech News Journalist

View Full Bio

Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. O