Apple issues tips on avoiding phishing scams amid new SMS threats

Apple has updated its security support document to provide iPhone, iPad, and Mac users with tips on recognizing and avoiding social engineering schemes, such as phishing messages and fake support calls.

This comes in response to recent "smishing" attacks targeting Apple IDs, where malicious actors send SMS messages attempting to steal Apple ID usernames and passwords via fake iCloud websites.

Apple's guidelines emphasize the following:

• Ignore messages with suspicious links.
• Apple will never ask for Apple ID passwords or verification codes.
• Users should contact Apple directly rather than responding to suspicious messages or calls.
• Apple will not request users to log into websites, enter two-factor codes, or disable security features like two-factor authentication or Find My.
• Personal data and security information should not be shared or entered into untrusted webpages.
• Keep Apple ID secure with two-factor authentication and up-to-date contact information.
• Avoid using Apple Gift Cards for payments to other people.
• Download software only from trusted sources and avoid clicking on links or saving attachments from suspicious messages.

Apple advises users to watch out for scare tactics used by scammers, such as warnings about stolen personal information or unauthorized charges. Users should not enter login information or security codes on websites accessed through links in texts or emails.

Additionally, Apple warns against downloading unsafe software and configuration profiles, and advises ignoring and closing pop-up messages.

For more information, Apple has provided detailed instructions on spotting social engineering schemes and how to report suspicious communications.