A new phishing campaign to steal Apple IDs and passwords is making the rounds on the Internet
As reported by Macworld, a new smishing or SMS phishing campaign has been identified by security researchers at Broadcom. Like similar campaigns in the past, this campaign is designed to steal your login information, which can then be used to hijack your Apple account or other accounts on the best iPhone or best MacBook.
Here's what you need to know about this new campaign, the critical red flags to watch out for, and how to protect your Apple ID from hackers.
According to a new Broadcom report, this campaign begins with a fake text message targeting iPhone users.
The message begins with "Apple important request iCloud" and contains the following link: signin.authen-connexion[.]info/icloud. Potential victims are also prompted to sign in to their iCloud account to continue using the service.
The domain used here (authen-connexion[.]info) is not owned by Apple, and a more savvy user may immediately realize that something is wrong. At the same time, Apple does not typically send messages about iCloud via text message. Instead, the iPhone maker will send you an email if there is something wrong with your cloud storage.
However, if you click on the link, you will be taken to a malicious site posing as iCloud. There is another big red flag there, though, because you have to complete a CAPTCHA before you can log in. The company does not use CAPTCHA for authentication. Instead, it uses Touch ID or Face ID. Without those options, Apple requires a six-digit two-factor authentication (2FA) code to be sent to one of your devices.
As expected, when you enter your Apple ID and password to log into this fake iCloud site, the hackers behind this campaign can steal your credentials. From here, they can hijack your account and lock you out of it, look for sensitive data stored in iCloud, or, with enough information, even steal your personal information.
Phishing attacks can take many forms and are typically delivered via email, but can also arrive via text message. For this reason, be careful when checking your inbox, messages, and social media profiles.
Fortunately, however, there are some telltale signs that the messages are not legitimate. In this case, the hackers behind this campaign are trying to instill a sense of urgency by telling us that we must log in immediately or risk losing access to our accounts. Hackers often try to prey on our emotions, but if we keep our cool when checking our inboxes and messages, we are less likely to fall for this kind of trick.
You shouldn't click on links or download attachments in emails or messages from unknown senders, but if you think what you're seeing is legitimate, there are simple ways to make sure it is.
To do this, take a closer look at the link itself. This can be done by hovering over the text of the link, or by right-clicking on the link, copying and pasting it, and analyzing it further. A simple web search can easily reveal the actual domain the company is using, which you can then compare to the domain in the email or message.
Another thing to watch out for is misspelled websites. In most cases, however, you definitely do not want to log into your account from a link sent to you via text or email. Instead, you should use your browser to navigate to the site or service yourself and log in that way.
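The domain comparison described above can be done mechanically. The following Python sketch is an added example, not code from Broadcom, Macworld or Apple: it extracts the host a link really points to and checks it against a short list of domains assumed here to be Apple-owned (apple.com and icloud.com). The lookalike links other than the one quoted in the text message are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains treated as Apple-owned for this check.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}


def link_host(link: str) -> str:
    """Return the lowercase host a link really points to, or "" if unparsable."""
    link = link.strip().replace("[.]", ".")  # accept defanged links
    if "://" not in link:
        link = "https://" + link  # links in text messages often omit the scheme
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_trusted(link: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(link)
    if not host.isascii():  # look-alike Unicode letters never match
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


if __name__ == "__main__":
    samples = [
        "signin.authen-connexion[.]info/icloud",  # link from the text message
        "https://www.icloud.com/mail",  # genuine host
        # Constructed lookalikes: brand name in the path, userinfo or subdomain
        "https://www.icloud.com@signin.authen-connexion.info/icloud",
        "https://icloud.com.authen-connexion.info/signin",
        "https://notapple.com/",
    ]
    for s in samples:
        verdict = "trusted" if is_trusted(s) else "NOT trusted"
        print(f"{verdict:12} host={link_host(s):40} {s}")
```

The check looks only at the host, so "icloud" appearing in the path, before an "@", or as a leading subdomain label does not make a link pass.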
When it comes to keeping your Apple computer safe from viruses, you should consider using the best Mac antivirus software. Macs have built-in antivirus software called XProtect, but paid antivirus software often comes with useful features such as VPNs and password managers.
Phishing attacks are simple and do not require much effort. Therefore, one should exercise extreme caution when checking messages and inboxes.