By Glenn Fleishman | Macworld
Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable.
Apple says no such breach occurred, and security researchers, like Troy Hunt of HaveIBeenPwned.com, say the group trying to extort Apple likely has reused credentials from other sites’ password leaks. (We recommend turning on two-factor authentication at iCloud regardless.)
However, media reporting an potential iCloud security failure makes unsolicited calls claiming to be from Apple more credible. My wife wasn’t taken in, but also didn’t immediately dismiss the call. She hung up, and then told me about it. We have Apple devices and both use iCloud, and we have regular issues with iCloud not working precisely as we expect.
“Many cyber-security threats require action on an individual’s part to be triggered. Ironically, many of these phishing scams rely on the fear of a breach of personal information or threats to security of that information. It is of the utmost importance that individuals take the time to confirm sources of links and phone calls prior to acting on them.”