One of the features of iOS is that when you receive a 2FA text message, you have the option of automatically filling in the text box without having to pull up the message and enter the code yourself. It’s meant to make it easier for users to deal with 2FA codes, but it also seems to be one that hackers are exploiting.
So much so that it appears that Apple is changing the way they send their 2FA text messages to users. If you own an iPhone and have received 2FA codes from Apple and you see some extra text appended to it, don’t be alarmed because this is how Apple is dealing with potential phishing websites.
These messages should now look something like, “Your Apple ID Code is: 123456. Don’t share it with anyone. @apple.com #123456 %apple.com”. The idea behind it is that the domain in the text should match the domain of the website you’re entering the 2FA code into. If it matches, users get the option of using the autofill function.
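To show how the domain check works in practice, here is an added example (not Apple’s code, and not from the original article) that parses the “@domain #code %domain” tokens out of a message and only releases the code for autofill when they match the host of the page and frame containing the input. The sample messages are constructed, the exact-host comparison and the “no binding, no autofill” policy are this example’s own assumptions, and the `%domain` token is treated as the host of an embedded frame.

```javascript
// Constructed sample messages in the format the article describes.
// They are not real Apple texts.
const SAMPLE_MESSAGES = [
  "Your Apple ID Code is: 123456. Don't share it with anyone. @apple.com #123456 %apple.com",
  "Your Apple ID Code is: 654321. Don't share it with anyone.", // legacy format, no binding
  "Your code is 246810.\n@shop.example #246810 %pay.example",      // code bound to an embedded frame
];

// Extract the binding tokens from the last line of the message.
// Returns null when the message carries no "@domain #code" pair.
function parseBoundCode(message) {
  const lastLine = message.trim().split(/\r?\n/).pop();
  let domain = null, code = null, embeddedDomain = null;
  for (const token of lastLine.split(/\s+/)) {
    if (token.startsWith("@") && domain === null) domain = token.slice(1).toLowerCase();
    else if (token.startsWith("#") && code === null) code = token.slice(1);
    else if (token.startsWith("%") && embeddedDomain === null) embeddedDomain = token.slice(1).toLowerCase();
  }
  if (!domain || !code) return null;
  return { domain, code, embeddedDomain };
}

// Decide whether autofill may be offered. `pageHost` is the host of the
// top-level page; `frameHost` is the host of the frame holding the input
// (the same value when there is no embedded frame).
// Assumption: hosts must match exactly; unbound messages are never autofilled.
function autofillAllowed(message, pageHost, frameHost = pageHost) {
  const bound = parseBoundCode(message);
  if (bound === null) return { allowed: false, code: null, reason: "no domain binding" };
  const page = pageHost.toLowerCase();
  const frame = frameHost.toLowerCase();
  if (bound.domain !== page) return { allowed: false, code: null, reason: "page domain mismatch" };
  // When a %domain is present the input must live in a frame from that host;
  // when absent, the input must be on the top-level page itself.
  const expectedFrame = bound.embeddedDomain ?? page;
  if (frame !== expectedFrame) return { allowed: false, code: null, reason: "frame domain mismatch" };
  return { allowed: true, code: bound.code, reason: "domain match" };
}

// Stand-alone run: the genuine message on apple.com versus a lookalike host.
for (const host of ["apple.com", "appleid-verify.example"]) {
  console.log(host, autofillAllowed(SAMPLE_MESSAGES[0], host));
}
```

A lookalike phishing page that relays the real Apple message therefore never gets the code offered, because its own host is not the one named after “@”.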
This is because, as mentioned above, some phishing websites try to take advantage of the autofill to steal 2FA codes and login credentials, so this is Apple’s way of combating it. While it’s not necessarily a perfect system and could potentially be exploited down the line, it’s better than nothing. It won’t stop users from being phished entirely, but hopefully it will cut down on such instances.