Hackers are targeting Apple iCloud users with phishing messages designed to steal financial information.
Sophos employee Paul Ducklin reported in a blog post that the messages are tailored to look like legitimate security alerts.
'Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20,' reads the bogus message.
'Within Apple Inc. latest security checks, we recently discovered that today there were incorrect login attempts to your account. For your account status to get back to normal, Go Here >> to complete the details.'
The links in the message go to a page owned by the criminals, which requests the filling in of a 'cancellation form'.
"The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada," explained Ducklin.
"The data submission form goes to a similar ‘server' hosted on a connection via a boutique ISP in Switzerland."
Ducklin recommended a variety of protective measures to defend against phishing attacks of this kind.
"Don't assume that crooks aren't interested in you. You may have the smallest, simplest web server in the world, but if there's a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes," he said.
"Use two-factor authentication if you can. This relies on one-time log-in codes, so the crooks can't simply phish your password and use it over and over."
Ducklin is one of many security professionals to call for wider use of two-factor authentication.
Attackers are believed to have taken advantage of a lack of two-factor authentication to guess celebrities' iCloud passwords during a wave of high-profile incidents in 2014.
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch