Apple has issued emergency new guidance for all iPhone users to protect themselves following a cyberattack that targeted more than a billion devices last week.

Apple warned users that hackers use “social engineering” tactics, i.e. pretending to be representatives of the company to gain access to valuable personal information such as login credentials, security codes and financial information.

As a first step, if they haven’t already enabled it, iPhone owners should set it up two-factor authentication which requires a password and six-digit verification code to access their account from an external device.

Apple noted on its support page that fraudsters may also ask iPhone users to turn off features such as two-factor authentication or stolen device protection.

“They will claim that this is necessary to stop an attack or to allow you to regain control of your account,” the tech giant said. “However, they are trying to trick you into lowering your security so they can carry out their own attack.”

The company points out that users should look at the sender’s email or phone number to see if it matches the company name, and if the email address they use to contact you is different from your account.

Other methods include checking to see if the URL link they sent matches Apple’s website, if the message looks different from others you’ve received from the company, and if it asks for personal information such as your account password or phone number. credit card.

If a user receives a suspicious call, they should immediately hang up and call Apple directly to verify the alert they received, or they can report scam calls to the US Federal Trade Commission or local law enforcement.

Apple’s warning comes just a week after fraudsters used phishing SMS tactics in which they sent iPhone users fake messages and urged them to visit a link for an “important request” about iCloud.

California-based security firm Symantec discovered the attack this month, warning that the links lead to fake websites that solicit users to submit their Apple ID information.

The company released the warning on July 2, noting that it noticed a malicious SMS circulating that read: “Important request from Apple iCloud: Visit the[.]authen-connection[.]info/icloud to continue using your services.”

Symantec said the hackers added a CAPTCHA security system to the fake site to make it look legitimate, which once completed, would lead users to an outdated iCloud login profile.

“Phishing actors continue to target Apple IDs due to their widespread use, which provides access to a huge pool of potential victims,” ​​Symantec warned last week.

“These credentials are highly valuable, providing control over devices, access to personal and financial information, and potential revenue from unauthorized purchases.”

Apple clarified that its support representatives they would never send users a website link to sign in, nor will they be prompted for their device password or two-factor authentication code.

“If someone claiming to be from Apple asks you for any of the above, they’re a scammer. Hang up or otherwise end contact with them,” Apple points out.