Our security people just circulated this CERT advisory:
Originally shared by Stephen Gunnell
Our security people just circulated this CERT advisory:
During the past few days, several researchers as well as McAfee Labs published reports about ongoing smishing campaigns that are aimed at stealing users Apple credentials.
Smishing is a specific kind of phishing that is using SMS messages instead of emails to trick the user into clicking malicious links. The most dangerous part of this attack is the fact, that users are not easily able to check the real URL behind a link and are more willing to click a link within a SMS message from a spoofed sender than within a suspicious email.
Siemens CERT recommendation:
• Do not click on links within SMS messages.
• Avoid logins within websites you reached through links. Always type-in the URL manually or use bookmarks that you have created manually after verifying the origin of the webpage.
• Please check regularly the connected devices through the Apple-ID website.
• Please take care of emails from Apple notifying you about new connected devices and logins from suspicious locations (if you receive such emails please contact us for further help).
• Please ensure that your mobile has the latest IOS version 9.3.3 or higher
All mobile devices are affected (currently the attackers are only targeting iOS-based devices but the smishing attack also works on Android and Windows 10 Mobile).
Our security people just circulated this CERT advisory:
During the past few days, several researchers as well as McAfee Labs published reports about ongoing smishing campaigns that are aimed at stealing users Apple credentials.
Smishing is a specific kind of phishing that is using SMS messages instead of emails to trick the user into clicking malicious links. The most dangerous part of this attack is the fact, that users are not easily able to check the real URL behind a link and are more willing to click a link within a SMS message from a spoofed sender than within a suspicious email.
Siemens CERT recommendation:
• Do not click on links within SMS messages.
• Avoid logins within websites you reached through links. Always type-in the URL manually or use bookmarks that you have created manually after verifying the origin of the webpage.
• Please check regularly the connected devices through the Apple-ID website.
• Please take care of emails from Apple notifying you about new connected devices and logins from suspicious locations (if you receive such emails please contact us for further help).
• Please ensure that your mobile has the latest IOS version 9.3.3 or higher
All mobile devices are affected (currently the attackers are only targeting iOS-based devices but the smishing attack also works on Android and Windows 10 Mobile).
Comments
Post a Comment