I know it's a scam. It's been well documented that this sort of thing is doing the rounds... but what doesn't seem to be so well documented is what I'm supposed to do with it.
For those that don't know, this is what's known as a phishing scam. Or, seeing as it's sent via SMS message, a smishing scam. In any case, the key fact is that it's basically an attempt to commit fraud.
When someone falls for it they click on the link contained in the text... which takes them to a website that looks exactly like a corporate, Apple website.
It's a very convincing clone... and if you'd clicked on the link believing the message to be genuine, there isn't really any reason to suspect that it's not legit when you land here.
So I imagine plenty of people end up surrendering their Apple ID and password to the crooks responsible.
In some cases that would give them the ability to spend your money.
I used easily.co.uk to see what I could see about who had registered the domain icloudauditing.co.uk... and when. This is what I found...
As you can see, it was registered via internet.bs on May 14th 2016. That's today.
Using a site with a dot BS domain seems rather fitting, although it turns out that the BS actually stands for the Bahamas.
It claims it was registered by someone called Peter Dawson although I'd be highly surprised if they were foolish enough to use their real name.
I don't really know, but from the outside looking in, I reckon it's fairly likely that a Peter Dawson has paid for it... it's just he's someone who'd fallen for the scam previously and is, as yet, unaware that his account has been compromised...
If the text had come from a number I'd know how to report it.
But it doesn't. It comes from an account called 'WARNING'. It's impossible for me to reply to. Or to block. Or, it seems, to report. Apparently the only course of action available to me is to delete it.
Which doesn't seem very satisfactory to me. It's not very community minded, for sure.
If someone tried - but failed - to mug me in the street, I can't imagine many people advising me to just ignore it. Because surely they're the sort of person who'll move on and try and mug someone else. Surely we should report attempted crimes, not just successful ones.
But that doesn't seem to be possible when someone tries to mug me via my phone. Ignoring it and deleting the text is, I'm told, the only thing to do. I don't even have a way of preventing those responsible from sending me more of the same. It's only if I fall for it that people will do something.
When I get spam emails I know how to block them. Or how to block emails that are like them. I know that, even if an email is lying about where it came from, someone, somewhere is able to follow the chain and work out where it really came from. I assumed the same would be true with text messages.
It seems not. It seems it is possible for someone to send thousands - probably hundreds of thousands - of texts to people without anyone being able to unravel where they originate from. Is there a good reason for this route to my phone to exist? Is there a sensible way of shutting this path down? Are there buttons I could press that would mean I could only receive text messages from identifiable sources? If there isn't... um... why isn't there? I guess there might be a reason. Is it achievable? Wouldn't less people end up getting defrauded if it were?
I know a handful of vulnerable people who would absolutely fall for this. Certainly I know one person who's fallen for a similar scam that arrived via email. It just seems a little odd to me that the phone companies provide this route to us - but don't have departments devoted to preventing this sort of abuse of the system.
Have I been given bad information or is there genuinely nothing for the community minded soul to do about this?