Apple ID verification codes coming from FAKE Apple SMS Number

Praty52 wrote:

Just go now to the Apple Company to give it your Phone to the company and say them all your problems and then see it they will find it the real culprit who is behind of all Fake S.M.S who is sending you all types of Junk mails please do not worry sir your tension is now Apple Company Matter they will help you in any matter as Mr. chase_ daniel . This is your Adviser from Country of India as Mr. Pratap Roy .

Apple is not a law enforcement agency. The will not find out who is behind a fake SMS.

Lawrence Finch wrote:

It's better to switch to Apple's 2 factor authentication, which does not go over SMS at all.

The default two-factor authentication path for the codes doesn't use SMS, but the person initiating the authentication request can ask that SMS text messages be used. Unfortunately, recipients don't have control over that detail, either. (If you know a way to disable that, do please let me know!) Which means that the authentication requests can run afoul of the aforementioned SMS vulnerabilities.

I've used the SMS path for those codes, too. Sometimes iMessage has gotten itself... tangled.

There've been more than a few cases of social engineering against the cellular carriers, too. Which means not using a widely-known telephone number as your trusted number for SMS, too.

Hence my expectation that we're headed toward not-SMS and not-cellular-based implementations.

Please ignore chase_daniel. Just a common troll with false info.

Mr. chase_ daniel try to inform this problem to the Apple Company and give it your Phone to them for investigation of your phone .So the Apple Company will figure out who is in this who the person making you trouble on your Phone just

take my advice .Please sir take your phone to the apple Company and say them that i get this fake S.M.S from Apple Company and i do not know what step i should take it .So i bring it my Phone with me i want it that you keep it my phone for investigate that who that person who is sending to this person all types of fake S.M.S .So on later the company of Apple will find it the Culprit who is sending to you the Fake S.M.S .then you see it the Result sir .You will never be get disturbed from this Fake person who is sending you this Fake S.M.S to your phone .Please sir please do not worry at all

Apple Company will help you in any matter .Please do not get depress at all you will get the perfect result and then you will get it the perfect Phone with secure security system will be make install in your phone like Kaspersky Antivirus Program and your phone will not going to accept it any more Fake S.M.S from any unknown person as like from your Country or any other Country as Mr. chase_ daniel please get relax . Just go now to the Apple Company to give it your Phone to the company and say them all your problems and then see it they will find it the real culprit who is behind of all Fake S.M.S who is sending you all types of Junk mails please do not worry sir your tension is now Apple Company Matter they will help you in any matter as Mr. chase_ daniel . This is your Adviser from Country of India as Mr. Pratap **** .

<Personal Information Edited by Host>

There were some misdirected iMessage messages happening a while back (not SMS), and it's possible your telephone number might have been associated with somebody else's (former) account (if your number is new to you), but as for SMS, that 504-72 certainly looks to be a short code used by Apple.

If you weren't doing something that would have triggered a two-factor short message, ignore it. If you're getting more than the usual verification code and usual text — maybe some URL that the sender wants you to click on — then somebody's probably (unfortunately) forging that data and directing you to a web site that's pretending to be Apple, and trying to phish for your credentials.

Most of the spam calls folks are getting these days are "originating" from spoofed telephone numbers. Coincidentally, I received one of those recorded spam calls as I was entering this reply. With a bogus source number.

At best, AT&T might look into this. But probably not. Two-factor authentication via SMS is known to be insecure, and the US NIST standards folks are explicitly discouraging the use of SMS for two-factor authentication. Maybe call the US FCC or your particular country's equivalent telecommunications bureau, or your legislative reps?

Until SMS is reworked to better secure it and the SMS servers then tested and deployed, it'll be vulnerable. Cellular towers aren't all that secure, either — spoofed cell towers were common in previous years in Las Vegas, during some of the well-known security conferences held there. (Same for spoofing Wi-Fi, and I've personally encountered spoofed Wi-Fi in Las Vegas.) I'll expect to hear that more spoofed towers are around this year, too.

I'm getting the two-factor codes via iMessage, which may or may not be more secure, but it's not vulnerable to the same problems as AT&T SMS. Longer-term, we're probably headed toward key fobs or some other other second factor for authentication. (Here's a discussion of better securing gmail using a hardware token, for instance.)

Nobody here represents Apple or AT&T, so you'll not get an official answer from us, nor a particular confirmation.

And if you know a better way to solve these problems, there's money to be made.

Good response. To expand on it, SMS goes over the worldwide SS7 signaling network, which is very easy to hack as it is not encrypted. It dates from the days when the network was behind physical firewalls. And short codes are easy to forge also.

It's better to switch to Apple's 2 factor authentication, which does not go over SMS at all.

chase_daniel wrote:

I was specifically requesting them from this website via direct access...

Apple doesn't follow postings here. We're users. Like you.

Clearly code injection or something similar is in full force on apple.com.

if it's Apple sending the codes, then it seems more likely that somebody keeps trying to access your Apple ID.

If it's spam or phishing spoofing that sending address, then it could be anybody that's inclined to misbehave on or connecting into the AT&T network.

In general, there's been a long history of shady and sketchy anti-virus and anti-malware providers. But that's not relevant to whether or not you're getting verification codes in error, or due to phishing, or otherwise. Those SMS messages are fodder for discussions directly with AT&T and Apple.