iMessage Phishing Scam Wants to Steal Your ‘iPhone ID’

It’s no secret that in today’s digital age of iPhones and the internet, scammers and nefarious actors run rampant, trying every which way to fool the unwitting user into blindly providing their most sensitive login credentials or other relevant information. We’ve seen tons of these scams come to light in recent years, and we certainly don’t expect them to slow down anytime soon. It’s crucial that we always take caution when responding or reacting to questionable texts, emails, or phone calls — especially when they seem so ostensibly fishy.

Earlier this week, the latest of such scams was brought to light by Reddit user, Gh0sta, who started a new thread in which he addresses the existence of a new phishing scam targeting iPhone users via iMessage. The Reddit thread has since gained quite a bit of traction, and BGR reported that multiple readers had sent in emails indicating they’d received one of the texts themselves.

What appears to be happening, as you can see in the image above, is that unsolicited messages are being sent via SMS to iPhone users, warning them that their “iPhone ID is due to expire today,” and that in order to “prevent loss of services and apps,” they should click the link provided in the text. Perhaps unsurprisingly, the link will lead to a remote web portal where the user is then asked to enter his or her Apple ID login credentials — opening the door to having all of their information stolen.

To most of us, a text message like this is sure to come off as an obvious scheme — especially since we know full-well there’s no such thing as an “iPhone ID.” Others, however, might receive this message or one like it and automatically fall victim by entering the data without hesitation.

What’s particularly interesting about this scam is that while the messages are sent via SMS to iPhone users, they will appear in our inboxes as an ‘iMessage’ with the typical Blue and Gray bubble sequence — and therefore, to some of us, the message itself might appear to be from someone with an iPhone, someone we know, or at the least a “credible source” we can trust.

Unfortunately, it’s from anything but “a credible source,” and so we can’t emphasize enough how important it is to be on the lookout for texts like this — and delete them immediately if you ever do. We also recommend sharing this latest threat with anyone and everyone you know, especially those who may not be as tech-savvy and ‘in the know’ as yourself.