Apple warns about tricks to take over Apple ID.

A widespread phishing attack could target iPhone users as hackers impersonate Apple to steal login information.

Last week, security company Symantec issued a warning about a new attack, luring users to fake websites and asking for Apple ID information. "These credentials are very valuable. They allow bad actors to take control of devices and access personal and financial information," Symantec said.

Accordingly, crooks send emails and messages designed to look like they were sent by Apple, trying to get victims to click on links to read important notifications about iCloud. The messages often read: "Important Apple request for iCloud: Go to signin[.]authen-connexion[.]info/icloud to continue using your service." To catch users off guard, scammers also design Captcha to look like the real website. After clicking the link, iPhone users are redirected to a website that resembles the iCloud login interface.

In the announcement on the homepage, Apple notes that crooks can ask iPhone users to turn off features such as two-factor authentication or protect the device when stolen.

"Fraudsters say this is necessary to help prevent an attack or allow you to regain ownership of your account. But don't believe it, they are just deliberately tricking you into turning off your security fence to make it easier for you to easy to attack. Apple never asked you to do that," the company wrote on its blog.

iPhone 14 Pro (black) and iPhone 14 Plus (purple).

According to PhoneArena, once a user enters information into the fake link, the Apple ID and password will be captured. Thieves can change passwords, remove user controls from iPhone, access banking applications and then appropriate money.

With two-factor authentication (2FA), users can prevent the risk of changing their Apple ID. To enable this feature on iPhone, you can go to Settings -> Account name -> Login and Security -> Turn on two-factor authentication, after pressing Continue, iPhone will ask to enter a phone number to receive 6-digit authentication code.

In addition to Apple, crooks also impersonate popular companies such as Netflix and Amazon to trick users. Security experts warn that if users receive any messages or requests related to personal information, they should absolutely not follow them or click on any links. Companies never ask users for financial information via text message.