
Jaron Bradley, director of Jamf Threat Labs, explained how Mac users should approach this new attack vector. “Users should never enter their iCloud credentials outside of the official Apple website. They should also be cautious when encountering flashing warnings that prompt them to call a phone number to resolve a supposed threat. These calls often lead to scammers who promise to fix a fake issue in exchange for a fee and credit card information,” he wrote.
Open up
He’s right, because once criminals get your code, they can access your iCloud data (if left unencrypted). They can, in theory, then also infest your iCloud with the kind of scary surveillance software SpyX sells, instantly crafting a backdoor to your digital existence.
Rogue nations in which iCloud data cannot be encrypted, (not that we know who they are), leave their populations wide open to such attacks, closing the best door to protect against them.
This story originally appeared on Computerworld 


