Technology
New cyberattack targets iPhone, Apple IDs. Here's how to stay safe
Attention iPhone owners: A serious cyberthreat is targeting Apple IDs, and it’s more crucial than ever to be on your guard. Security experts from Symantec have uncovered a sophisticated SMS phishing campaign designed to trick you into giving up your valuable Apple ID credentials.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
The mechanics of the attack
Here’s how the scam works: hackers send out text messages that look like they’re from Apple. These messages urgently request that you click on a link for an important iCloud update or verification. Symantec’s research shows these links lead to cleverly designed fake websites that ask for your Apple ID and password. To make the site seem legitimate, the attackers have even included a CAPTCHA.
Once you complete the CAPTCHA, you’re taken to what looks like an outdated iCloud login page, where you’re prompted to enter your credentials. This information is gold for cybercriminals because it grants them access to your personal and financial data and control over your devices.
Below is an email version of this same scam to avoid. Note the strange email return address originating from a non-Apple account, riddled with dashes and strange characters.
The email scam can claim that a user’s iCloud storage is full. (Kurt “CyberGuy” Knutsson)
Apple’s response and protective measures
Apple is aware of these tactics and has guidelines to help you stay protected. First and foremost, enable two-factor authentication on your Apple ID. This adds an extra layer of security by requiring a password and a six-digit verification code whenever you log in from a new device.
Remember, Apple will never ask you to disable security features like two-factor authentication or Stolen Device Protection. Scammers might claim this is necessary to resolve an issue, but it’s a trap designed to lower your defenses.
An iPhone scam uses text messages. (Kurt “CyberGuy” Knutsson)
Spotting phishing attempts
Phishing scams can be sneaky, but there are ways to identify them. Look closely at the URLs in any suspicious messages. Although the message might appear legitimate, the web address usually won’t match Apple’s official site. Also, be wary of any text that deviates from Apple’s typical communication style.
Symantec highlighted a specific phishing message as part of their warning on July 2. The fraudulent SMS read: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/iCloud to continue using your services.” Odd characters and unfamiliar domains are clear indicators of a scam.
iPhone users should enable two-factor authentication on their Apple ID. (Kurt “CyberGuy” Knutsson)
Broader scam tactics and how to avoid them
These phishing attempts aren’t just targeting Apple users. People have reported receiving messages similar to those from companies like Netflix and Amazon, claiming account issues or expired credit cards. These messages also direct you to click a link and enter your personal information.
The Federal Trade Commission advises that legitimate companies will never request sensitive information via text. If you receive a message like this, contact the company directly using a verified number or website, not the information provided in the text.
7 SIGNS YOU’VE BEEN HACKED
How to protect yourself from Apple text and email scams
1) Always use strong antivirus protection on all your devices
This is perhaps one of the best investments you can make for yourself to protect yourself from phishing scams. Having antivirus software actively running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that will release malware into your device and potentially have your private information stolen. Read my review of my best antivirus picks here.
2) Don’t take the bait
Scammers often use alarming language to provoke immediate action. Phrases like “act now” or “important” are red flags. Stay calm and skeptical of any unsolicited messages.
3) Enable two-factor authentication on your Apple devices
Implementing multifactor authentication on your Apple ID can greatly enhance your security. Always verify the source of messages that claim to be from Apple. If you’re unsure, manually log into your account through the official Apple website or your iPhone settings instead of clicking any links.
4) Keep software up to date
Regularly update your operating system, web browsers and antivirus software to ensure they are equipped to detect and prevent the latest threats. You can regularly check for these updates on your device’s settings app for software updates, and you can go to your App Store or Google Play Store (depending on the device you have) to check for updates on individual apps. Follow these steps here.
2 BULLETPROOF STEPS TO HACK-PROOF YOUR MAC
What should you do if you’ve clicked a link and installed malware on your device?
If you’ve been hacked, it’s not too late. There are several ways you can protect yourself from hackers, even when they have access to your information.
1) Scan your device for malware
First, you’ll want to scan your computer with a reputable and legitimate antivirus program. See my expert review of the best antivirus protection for your Windows, Mac, Android and iOS devices.
2) Change your passwords immediately
If you’ve inadvertently given your information to hackers or malicious actors, they could have access to your social media or banking accounts. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.
3) Monitor your accounts and transactions
You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.
4) Use identity theft protection
Phishing emails target your personal information. Hackers can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.
To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. Read more of my review of the best identity theft protection services here.
5) Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
6) Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
7) Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original version. You should back up your important data before doing this and only restore it from a trusted source.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s takeaways
As cyberattacks become increasingly sophisticated, staying informed and cautious is crucial. Protect your Apple ID and personal information by following Apple’s security guidelines and being wary of unsolicited messages. By taking these precautions, you can safeguard your devices and data from malicious actors.
Have you ever been a victim of a cyberscam? If so, what happened and how did you recover? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Valve has announced the winners of the 2025 Steam Awards and, unsurprisingly, Hollow Knight: Silksong, took home the Game of the Year honors. It was also given the “Best Game You Suck At” award, which, I’m not sure if that’s a good thing or not. Given the relentless fawning over Silksong since its release in September, an event that nearly brought the entire digital video game distribution system to its knees, that it would win Game of the Year felt like something of a forgone conclusion.
The Best Game on Steam Deck was awarded to Hades II (an award we’d already unofficially granted it). The mechanics of Hades lend it to being played in short bursts, and the stylized graphics scale down well. Silent Hill f won the Outstanding Visual Style award and, while there’s no denying it’s a gorgeous title, I can’t help but feel like Dream BBQ, with its uniquely hallucinatory visuals, got robbed. Check out the full list of winners and nominees here at the Steam Awards 2025 landing page.
NEWYou can now listen to Fox News articles!
The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident traces back to August when attackers accessed the university’s network and quietly stole sensitive information.
The school detected the intrusion on Nov. 21. That discovery came after the attackers listed the university on a public leak site. In early December, the university disclosed the incident, and its parent company filed an 8-K with regulators.
The scope is large. Notification letters filed with Maine’s Attorney General show 3,489,274 individuals were affected. Those affected include current and former students, faculty, staff and suppliers.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
DATA BREACH EXPOSES 400,000 BANK CUSTOMERS’ INFO
The University of Phoenix data breach exposed sensitive personal and financial information tied to nearly 3.5 million people. (Kurt “CyberGuy” Knutsson)
What happened and how attackers got in
According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application handles financial operations and contains highly sensitive data.
Based on the technical details shared so far, security researchers believe the attack aligns with tactics used by the Clop ransomware gang. Clop has a long track record of stealing data through zero-day flaws rather than encrypting systems.
The vulnerability tied to this campaign is tracked as CVE-2025-61882. Investigators say it has been abused since early August.
What data was exposed
The university says the attackers accessed highly sensitive personal and financial information. That includes:
- Full names
- Contact information
- Dates of birth
- Social security numbers
- Bank account numbers
- Routing numbers
This type of data creates a serious risk. It can fuel identity theft, financial fraud and targeted phishing scams.
700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS
Stolen University of Phoenix records could be used by criminals to launch targeted phishing and identity theft attacks. (Kurt “CyberGuy” Knutsson)
Nearly 3.5 million people affected
In letters sent to affected individuals, the university confirmed the breach affects 3,489,274 people. If you are a current or former student or employee, watch your mail closely.
These notifications often arrive by postal mail, not email. The letter explains what data was exposed and includes instructions for protective services.
We reached out to the University of Phoenix for comment, and a rep provided CyberGuy with the following statement:
“We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities.”
Free identity protection is now available
The University of Phoenix is offering affected individuals free identity protection services. These include:
- 12 months of credit monitoring
- Identity theft recovery assistance
- Dark web monitoring
- A $1 million fraud reimbursement policy
To enroll, you must use the redemption code provided in the notification letter. Without that code, you cannot activate the service.
This attack fits a larger Clop campaign
The University of Phoenix breach is not an isolated case. Clop has used similar tactics in past campaigns involving GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo and Gladinet CentreStack.
Other universities have also reported Oracle EBS-related incidents. These include Harvard University and the University of Pennsylvania.
The U.S. government is taking notice. The U.S. Department of State is now offering a reward of up to $10 million for information linking Clop’s attacks to a foreign government.
Why colleges are prime targets
Universities store massive amounts of personal data. Student records, financial aid files, payroll systems and donor databases all live under one roof.
Like healthcare organizations, colleges present a high-value target. A single breach can expose years of data tied to millions of people.
MAKE 2026 YOUR MOST PRIVATE YEAR YET BY REMOVING BROKER DATA
Affected University of Phoenix students and staff should act quickly to monitor accounts and protect their identities. (Kurt “CyberGuy” Knutsson)
Steps to stay safe right now
If you believe you may be affected, act quickly. These steps can reduce your risk.
1) Watch for your breach notification letter
Read it carefully. It explains what data was exposed and how to enroll in protection services.
2) Enroll in the free identity protection
First, use the redemption code provided. Because Social Security and banking data are involved, credit monitoring and recovery services matter. Even if you do not qualify for the free service, an identity theft protection service is still a smart move.
In addition, these services actively monitor sensitive details like your Social Security number, phone number and email address. If your information appears on the dark web or if someone tries to open a new account, you receive an alert right away. As a result, many services also help you quickly freeze bank and credit card accounts to limit further fraud.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
3) Use a data removal service
Because this breach exposed names, contact details and other identifiers, reducing what is publicly available about you matters. A data removal service can help remove your personal information from data broker sites, which lowers the risk of targeted phishing or fraud tied to the stolen University of Phoenix records.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
4) Monitor financial accounts daily
Check bank statements and credit card activity for unfamiliar charges. Report anything suspicious immediately.
5) Consider freezing your credit
A credit freeze can stop criminals from opening new accounts in your name. It is free and reversible. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.”
6) Be alert for phishing attempts and use strong antivirus software
Expect more scam emails and phone calls. Criminals may reference the breach to sound legitimate.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com
7) Secure your devices
Keep your operating systems and apps up to date, as attackers often exploit outdated software to gain access. In addition, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access and causing further harm.
Kurt’s key takeaways
The University of Phoenix data breach highlights a growing problem in higher education. When attackers exploit trusted enterprise software, the fallout spreads fast and wide. While free identity protection helps, long-term vigilance matters most. Staying alert can limit damage long after the headlines fade.
If universities cannot protect this level of sensitive data, should students demand stronger cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
LG unveiled a whole new line of gaming monitors ahead of CES on Friday. The UltraGear evo line are all high-end monitors covering a range of technologies, but united by 5K resolution and AI upscaling.
The three flagships under the new branding are the 39GX950B, the 27GM950B, and the 52G930B. The first number in the model name indicates the size. The rest of the letters and numbers, well, I’m sure they mean something to someone.
The 39-inch GX9 is an ultrawide 21:9 5K2K dual-mode OLED screen. It can run at its full resolution at 165Hz, or jump to 330Hz for fast-twitch games at WFHD. The 27-inch GM9 uses “New” MiniLEDs, which promise to deliver brighter images compared to OLED, without the blooming often associated with MiniLEDs. Lastly, the 52-inch G9 is an absolutely massive curved display that delivers a 12:9 panoramic view at 240Hz in its native 5K2K resolution.
The GM9 model is particularly interesting since LG makes the panels for Apple’s Pro Display XDR, and word is that the monitor is finally getting a long-overdue update in the near future.
All three monitors will be on display at CES next month, but there’s no word on pricing or availability just yet.
Indiana H.S. softball coach orchestrated murder of ex-fiancé with the help of former player, says prosecutor
Iowa State picks up commitment from Arkansas State QB Jaylen Raynor
Kansas football transfer portal tracker: Jan. 4 developments for KU
Kentucky woman, 35, charged with homicide after using abortion pills then burying fetus in backyard
Louisiana Lottery Powerball, Pick 3 results for Jan. 3, 2026
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Kamala Harris blasts Trump administration’s capture of Venezuela’s Maduro as ‘unlawful and unwise’
US Republicans back Trump on Venezuela amid faint MAGA dissent
Who is Delcy Rodríguez, Venezuela’s leader after Maduro’s capture? | CNN
Trump says US will ‘run Venezuela’ after seizing President Maduro in military assault | BBC News
He can make anything out of toothpicks (1983)
-
Entertainment1 week agoHow the Grinch went from a Yuletide bit player to a Christmas A-lister
-
Connecticut1 week agoSnow Accumulation Estimates Increase For CT: Here Are The County-By-County Projections
-
World6 days agoHamas builds new terror regime in Gaza, recruiting teens amid problematic election
-
Indianapolis, IN1 week agoIndianapolis Colts playoffs: Updated elimination scenario, AFC standings, playoff picture for Week 17
-
Southeast1 week agoTwo attorneys vanish during Florida fishing trip as ‘heartbroken’ wife pleads for help finding them
-
World1 week agoSnoop Dogg, Lainey Wilson, Huntr/x and Andrea Bocelli Deliver Christmas-Themed Halftime Show for Netflix’s NFL Lions-Vikings Telecast
-
Business1 week agoGoogle is at last letting users swap out embarrassing Gmail addresses without losing their data
-
World1 week agoBest of 2025: Top five defining moments in the European Parliament