Protecting your Apple ID against malicious phishing attacks

Posted on by Mike Evans

Over the past few weeks there has been a nasty outbreak of phishing attempts to gain access to Apple IDs. Macs and iOS devices are relatively immune from many infections but the only antidote to phishing is common sense.

The example on the right, which I received yesterday, is a pretty poor example of the genre and is relatively easy to phish out.

The account ID quoted in this case is not my Apple ID and this is a direct giveaway. But recently I have had more plausible emails, some using Apple layout and colours and, if I didn't know better, I could have fallen into the trap. I reckon I have received around ten of these fraudulent messages in the past month. 

The criminals behind this sort of email have one objective: To trick you into entering your Apple ID and password. They then have access to your iCloud records, your computers and phones and, more importantly, to your credit card which you lodged with Apple. Their objective could be relatively restrained, such as gaining access to your address book for further phishing activities, but you can never be sure.

The advice is simple: Never follow a link in an email. If you get this sort of message and are unsure, the safe course of action is to go to Safari and log in to using your credentials. If there are any problems you can sort them out there. 

Apple IDs have become ever more important as Apple adds services to cover many aspects of your life. That's why it is vital to have a strong password, however annoying it is to have to enter it frequently. Yet even the strongest password is useless if you voluntarily offer it to the phishers.

You can also protect yourself by adding two-factor authorisation to your Apple account. Essentially, this means that you will receive a transaction code text message on your phone and this code must be entered to validate a transaction or any change of details relating to your account. It is undoubtedly an extra fiddle and can be annoying, but in these days of ever more sophisticated attacks you really do need to protect your assets.