iPhone iMessage Scam Targets iTunes, App Store Login Details
iPhone users are being warned about a new iMessage scam that tries to steal users' log-in details for their iTunes and App Store accounts. The credentials are then used by the criminals to log in to iTunes and the App Store to make purchases.
The scam starts when users receive a message saying that their "iPhoneID" is about to expire. They are then told to click on a link to "prevent loss of services and apps." Users are asked to provide their Apple ID username and password.
Once they provide their login credentials, these are saved by the criminals for later use. This could then serve as a gateway to mine more private data, make purchases using the victim's account, or even blackmail the victim.
However, most Apple users are already aware that "iPhoneID" is an immediate red flag that the message is a scam given that there is no such thing. Apple would also never ask users to input their log-in credentials to third-party websites and has advised users to be aware phishing scams such as these.
Phishing is the act of obtaining sensitive information such as usernames, passwords and credit card information using a fake message or website of a reputed entity. Most often, people are tricked into providing their private information using email spoofing or instant messaging.
Apple has stated that if users receive such a text in iMessage, they need to take a screenshot and send it to imessage.spam@apple.com. If the message came from someone not on the user's contact list, they can also use the "Report Junk" option under the message, which will forward the text and sender's information to Apple.
However, if the scam is sent via SMS, the Federal Trade Commission has a website to help users report text message spam. Users can also forward the original message and send it to their respective carriers using the number 7726 (SPAM) free of charge.