Turns out this was indeed a much wider scam than we’d anticipated, with subsequent coverage from The Independent and PhoneArena highlighting large swathes of users on Twitter posting questions about suspicious text messages they’d received from “Apple”. The reports also point out a fatal flaw in the scam; the fact that Apple ID’s never technically “expire”, they are either deleted directly by the user or put into Apple’s big digital archive for possible later revival. As with all such things, Apple officially advises that users should never give out their account password, credit or debit card information, or any other personal information, and unless you’re in a shop with an Apple Genius the firm will likely never ask for this information, so you can be sure that if it does, it’s probably not Apple!
We noticed a few friends and colleagues on Facebook talking about this, so thought there’d be no harm, and perhaps some significant benefit, in doing a bit of a public duty and revealing a phishing scam that seems to have surfaced in the last few days and is currently doing the rounds with at the very least some UK iPhone users (and possibly in other regions too).
Essentially the scam involves receiving an SMS text message pretending to be Apple and claiming that your Apple ID and/or iTunes account has been deactivated, and that in order to prevent this you must follow the supplied link. So far we’ve seen two different links provided in the same text message format shown in the above image, one to “http://mysecureicloud.com” and the other to “http://myituneslogin.com” – we can confirm at the very least that the second one is not legitimate; the domain was registered a mere two days ago by an owner that has no relation to Apple whatsoever. Given the circumstances we think it’s pretty clear the first domain is also going to be illegitimate too. So far we have heard of at least three confirmed instances of these scam texts in the last week or so.
If you have already followed the links and entered your private information, we recommend that you immediately go to https://appleid.apple.com/ and reset your password. Sadly, as is often the case with such scams, the culprits hide the phone numbers sending the messages, so although you can report that you have received a scam text to Apple or a local authority, without a phone number to follow up on there’s probably not a lot they can do about it.
Have you received one of these texts? Let us know in the comments below.