STATEN ISLAND, New York: Apple iPhone and MacBook users are falling victim to a phishing scam when checking text messages - inadvertently giving schemers access to their Apple ID, according to a recent report.

As reported by Macworld and Toms Guide, the new smishing, or SMS phishing campaign, has been observed by security researchers at Broadcom.

The scam is designed to steal your login credentials, which can then be used to take over your Apple account and other accounts on iPhone, iPad and iMac.

Here's everything you need to know about the scheme, what red flags to look for and how to keep your Apple ID safe from hackers.

Impersonating Apple

According to a new report from Broadcom, users get a fake text message targeting iPhone users. It starts with "Apple important request iCloud" and contains a link. Potential victims are also urged to sign into their account to continue using the service.

Apple typically doesn't send messages about iCloud via text message, the report said. If something is off with your cloud storage, the company sends you an email, the Toms Guide report said.

If you do click on the link, you will be taken to a malicious site posing as iCloud.

Another big red flag is that you need to complete a CAPTCHA form before logging in. The company doesn't use CAPTCHA for verification though. Instead, it uses Touch ID or Face ID. If those options aren't available, Apple will ask for a six-digit, two-factor authentication code sent to one of your devices.

Entering an Apple ID and password to log into this fake iCloud site allows the hackers behind this campaign to steal your credentials, according to one report, making identity theft possible.

Red flags

Fortunately though, there are some dead giveaways that a message isn't legitimate. In this case, hackers try to instill a sense of urgency by telling you that you need to login immediately or risk losing access to your account.

It's not true. There's an easy way to see if a message is legitimate.

You can hover over any linked text or right click on a link to copy and paste it somewhere else for further analysis. With a simple web search, you see what domains a company actually uses and compare those with the ones in an email or message.

Another red flag is misspelled websites. This is a trick hackers use to get you to click on malicious links in the first place.

You absolutely want to avoid logging in to your accounts from any link sent to you via text or email.

Instead, use a browser to navigate to the site or service yourself and then log in that way, experts say.

 - TNS