A new phishing campaign to steal Apple IDs and passwords is making the rounds on the Internet.

As reported by Macworld, a new smishing or SMS phishing campaign has been identified by security researchers at Broadcom. Like similar campaigns in the past, this campaign is designed to steal your login information, which can then be used to hijack your Apple account or other accounts on the best iPhone or best MacBook.

Here's what you need to know about this new campaign, the critical red flags to watch out for, and how to protect your Apple ID from hackers.

According to a new Broadcom report, this campaign begins with a fake text message targeting iPhone users.

The message begins with "Apple important request iCloud" and contains the following link: signin[.]. authen-connexion[.]. info/icloud. Potential victims are also prompted to sign in to their iCloud account to continue using the service.

The domain used here (authen-connexion[.] info) is not owned by Apple, and a more savvy user may immediately realize that something is wrong. At the same time, Apple does not typically send messages about iCloud via text message. Instead, the iPhone maker will send you an email if there is something wrong with your cloud storage.

However, if you click on the link, you will be taken to a malicious site posing as iCloud. There is another big red flag there though because you have to complete a CAPTCHA before you can log in. But the company does not use CAPTCHA for authentication. Instead, it uses Touch ID or Face ID. But without those options, Apple requires a six-digit two-factor authentication (2FA) code to be sent to one of your devices.

As expected, when you enter your Apple ID and password to log into this fake iCloud site, the hackers behind this campaign can steal your credentials. From here, they can hijack and lock out your account, look for sensitive data stored in iCloud, or even steal your personal information with enough information.

Phishing attacks can take many forms and are typically delivered via email, but can also arrive via text message. For this reason, be careful when checking your inbox, messages, and social media profiles.

Fortunately, however, there is some lethal evidence that the messages are not legitimate. In this case, the hackers behind this campaign are trying to instill a sense of urgency by telling us that we must log in immediately or risk losing access to our accounts. Hackers often try to prey on our emotions, but if we keep our cool when checking our inboxes and messages, we are less likely to fall for this kind of trick.

You shouldn't click on links or download attachments in emails or messages from unknown senders, but if you think what you're seeing is legitimate, there are simple ways to make sure it is.

To do this, take a closer look at the link itself. This can be done by hovering over the text of the link or by right-clicking on the link, copying and pasting, and analyzing it further. A simple web search can easily reveal the actual domain the company is using and compare it to the domain in the email or message.

Another thing to watch out for is misspelled websites. In most cases, however, you definitely do not want to log into your account from a link sent to you via text or email. Instead, you should use your browser to navigate to the site or service yourself and log in that way.

When it comes to keeping your Apple computer safe from viruses, you should consider using the best Mac antivirus software. Macs have built-in antivirus software called XProtect, but paid antivirus software often comes with useful features such as VPNs and password managers.

Phishing attacks are simple and do not require much effort. Therefore, one should exercise extreme caution when checking messages and inboxes.