When they try to log-in, it will send a unique code to that phone number, and that has to be typed into the site.
It’s built to foil people who steal passwords and then use them to get into accounts, because it requires physical access to the phone; and that’s why people are now trying to get around it with scams.
According to Mix Panel's report, which relies on partners sharing the version of i OS people are using to download their apps, only about 11% of users have updated to the latest version of i OS, while about 2% of people are on the beta version of i OS 10, which is also protected from the security issue.
That means more than 86% of i OS users are still vulnerable to a malicious tool called "Pegasus," an impossible-to-detect software that can hack an i Phone using nothing more than a text message.
One highlighted this weekend shows a message that claims to be from Google and tells people that their account may have been hacked.
If they want to have it shut down, it says, they need to reply to the message with the 6-digit verification code that they are about to receive.
The advice is the same as traditional phishing: responsible companies will never ask you to reply to a message with your personal details, or tell you to click on a dodgy link, so make sure that you always only give your information to official websites and be careful that you are.
Anything below the latest version, 9.3.5, is vulnerable to this kind of attack.
The technology that powers texts allows people to put custom names in when they send messages – allowing people to easily pretend to be Google, Apple or anybody else.
As such, the main thing is to never give any information over text message, and only use it as a way of showing alerts.
They aim to trick people into giving up the password that they use to get into their Apple account – and, once hackers are into that, then they can easily get your bank account details, your location, and more scary stuff besides.
Most of these notifications just work like traditional phishing scams, where cyber criminals pretend to be a company so that users send them details.