Apple two-factor authentication feature now blocks SMS autofill for phishing attacks


Level 41
Thread author
Top Poster
Nov 10, 2017
Apple’s two-factor authentication autofill feature makes it painless to enter verification codes sent via SMS, but phishing attackers are getting savvy to this.

When they trick people into clicking on a fake link to a site that prompts for an SMS code, they do the same, so it looks legit when autofill offers to paste it in for you …
But Apple is now guarding against this by asking companies to send SMS codes in a new, more secure format.

With this format, your devices will only offer to autofill a verification code if the domains match. For example, if the site claims to be but the phishing link is to, then you won’t be offered the autofill option.

The new format, which you may have started to see from late last year, looks like this:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.