Phishing scam targeting iCloud users through text messages

If you have an iPhone, then you know your iCloud login information is important. It holds the keys to email passwords, bank info and pictures. However, scammers have figured out a way to con people into handing it over for free.

It's one of the latest phishing scams, this time targeting iCloud users through text messages like these: "Apple important request iCloud: Visit signin.authen-connexion.info/icloud to continue using your services."

"The older generation that might not be as tech-savvy, they get very scared and when you see things that your account is going to be locked out or 'hey, we're sending you this text to make it more secure,' they're basically borrowing the trust of large organizations," cybersecurity expert Anthony Mongeluzo said.

READ: Spam calls, robotexts on the rise as 2024 election gets closer – Here’s how you can help prevent it

The link takes users to a site that looks just like iCloud's login page. Unsuspecting victims may not know it, but by entering their email and password, they're essentially handing over the keys to their phone, email and more.

The tech site broadcom.com was the first to issue a warning about the scam last Tuesday, but the fake site was still active as of Sunday night. However, it's now since been shutdown. 

As Mongeluzo explained, government agencies are getting better at shutting down fake sites sooner and victims are getting better at reporting them, but it's not always easy.

"In most cases, these criminals don't get caught. It's their hidden identity on the web all around the world, and they're hiding behind virtual private networks, firewalls and all sorts of other devices where the good ones, they're very tough to trace, if traceable at all," Mongeluzo said.

MORE: Possible cyberattack against Florida Department of Health halts funeral home services across the state

To best protect yourself, Mongeluzo said you should enroll in two-factor authentication for iCloud, making it so they can better identify who you are, never use the same password for all of your accounts and make sure the web address in the link ends with the company's actual site like Apple.com not connexion.info.

"The two-factor authentication helps greatly. The problem is most people don't set it up. People think it's too complicated. They don't want the hassle and I beg people, I beg people in my industry, you need to have two-factor on everything," Mongeluzo said.

WATCH FOX 13 NEWS:

SIGN UP: Click here to sign up for the FOX 13 daily newsletter

Crime and Public SafetyTechnology