Apple two-factor authentication feature now blocks SMS autofill for phishing attacks

CyberTech

Nov 10, 2017
Apple’s two-factor authentication autofill feature makes it painless to enter verification codes sent via SMS, but phishing attackers are getting savvy to this.

When they trick people into clicking on a fake link to a site that prompts for an SMS code, they do the same, so it looks legit when autofill offers to paste it in for you …
But Apple is now guarding against this by asking companies to send SMS codes in a new, more secure format.

With this format, your devices will only offer to autofill a verification code if the domains match. For example, if the site claims to be apple.com but the phishing link is to apple.securelogin.com, then you won’t be offered the autofill option.

The new format, which you may have started to see from late last year, looks like this: