SMS phishing scams have become a common technique deployed by hackers for duping innocent users. Now, a new SMS phishing scam is circulating on the internet. And this one is duping netizens by pretending to be an Apple chatbot.
According to a report by Sophos, scammers are duping innocent internet users into giving up the details of their bank accounts by pretending to be a chatbot by Apple. As per the report, scammers are sending SMSs with malicious links to smartphone users.
“The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you – actually, to tell you why Christopher – had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you – actually, it invites Christopher – to join in,” the cybersecurity company wrote in a blog post.
In the following messages, the scammers who are pretending to be the Apple chatbot inform smartphone users that they have been chosen to be a part of the Apple 2020 Testing Program. In one of the subsequent messages, the scammer shares a link that opens a new window, which asks users to answer a bunch of questions about themselves. This is followed by another screen which informs users that their answers are being verified, following which they are asked to pick an iPhone.
“In case you’re wondering, the name-and-address answers above in part 3/5 don’t matter a jot. We tried clicking numerous different combinations and, unsurprisingly, the crooks let us through anyway,” the company cautioned.
The scam then involves the innocent users to confirm their purchase, enter their email addresses, and make payments for their purchase. When users add their card details, scammers get their personal data and their banking details, which in turn enables them to gain access to their personal accounts.
One of the best ways not to get trapped by such scams is to ignore or delete messages from unknown sources. Sophos security experts also recommend that users should avoid sharing their banking details. Additionally, the company asks users to look out for spelling errors and visual blunders.
Lastly, the company recommends using web filters and VPNs. “Consider a web filter…This helps you keep the bad stuff out, and helps your users keep the good stuff in, such as passwords and payment card numbers. Setting up a corporate VPN (virtual private network) means that users at home can browse securely back through the office network and enjoy the same protection that they’d have on the LAN at work,” the company added.