As always, these crooks are constantly on the lookout for opportunities to trick you into forking over some of your hard-earned cash. Once people get wise to their tricks, scammers tweak them to become even more deceptive. And their creativity knows no bounds. Take this tricky new iPhone scam that’s currently making the rounds. It’s so cleverly done, you might fall for it if you’re not careful.

New iOS phishing connects you to “Apple Care”

For years, we’ve been warning you not to fall for email phishing scams. That’s when scammers send you an email with a malicious link or attachment that takes you to a real-looking but phony website. This new phishing scam that’s targeting iOS users, however, has a new twist. As Ars Technica reports, scammers are now using a fake Apple website that cleverly displays a system pop-up box that prompts you to call a real phone number. If you bite the bait, that “support” phone number leads to another very popular trick – the infamous tech support scam.

What to watch out for

As usual, this phish starts with an email. Targeting email addresses linked with Apple’s iCloud services, the message contains a “critical alert,” warning you about a blocked sign-in attempt on your Apple account. This alarming email typically has this as its subject line, “(username), Critical alert for your account ID XXXXX.” It then scares you into believing that “someone just used your password to sign in to your profile.” If that’s enough to rattle you, the email conveniently provides a link for you to “Check Activity.” You probably know where this is going, right? That “Check Activity” link will lead you to a fake website that convincingly mimics an “Apple Support” page. The support page brings more “bad news” – your iPhone apparently has been locked due to illegal activity. Oh no! Clever JavaScript code on this fake page will then initiate a pop-up dialog box on your iPhone, prompting you to call a specific 1-800 support number for help from “Apple Care.”  (On other Apple gadgets like iPads and Macs, this box will attempt to start a FaceTime call instead.) If you do fall for it and call the fake “AppleCare” number, it will connect you to an India-based “support tech” who will attempt to steal your sensitive information. (In Ars Technica’s example, they were greeted by “Mr. Lance Rogers from Apple Care.”) In most cases, these scammers will also try and convince you into signing up for expensive “mobile management services” so they can install malicious apps on your phone and wring your pockets dry on a regular basis. The tech support scam is one of the oldest tricks in the hacker’s playbook and a majority of users can probably recognize this one right away. But still, the prevalence of these attempts on Windows PCs, Macs, and smartphones means that there’s a market out there and people are actually getting fooled.

Don’t let “Lance Rogers from Apple Care” fool you

According to Ars Technica, the phishing site is still active but it is now marked “deceptive” by both Google and Apple. Since you already know what to look for, you probably won’t be fooled by this scam. But just in case, to avoid falling prey to other phishing and tech support scams, Apple has provided a few cybersecurity tips  for your safety:

Protect your Apple ID – Never ever share your Apple ID password and verification codes with anyone.Use two-factor authentication – Enable your Apple account’s two-factor authentication for added security.Beware of pop-ups – If you’re browsing the web and you see a pop-up or a page warning you about a virus or a security issue with your gadget, close that tab immediately. These are fake alerts designed to trick you into contacting a fake support number.Beware of suspicious phone calls and voicemails – Scammers also use unsolicited phone calls to trick you. If you get a phone call from someone claiming to be from Apple, hang up and contact Apple directly.Be cautious with email links – These scams always pretend to be from Apple (or other legitimate companies.) If you get an email or notification from a site that you find suspicious, don’t click on its links. If you need to update your information, go to the company’s website directly.Report suspicious activity – If you get suspicious emails, report them immediately to Apple. If you receive a phishing email pretending to be from Apple, send the info to reportphishing@apple.com. To report spam and other suspicious emails received in your Apple email account, send them to abuse@icloud.com. For suspicious text messages, tap Report Junk on the Messages app.