Apple is warning iPhone users to be on their guard over a new scam aiming to steal user names and passwords.
If successful, the trick allows cybercriminals to log in to iTunes and the App Store and make purchases. And with many people reusing passwords from one site to another, there's the chance that much more harm could be done.
See also: Scamwatch: Apple customers targeted
The fraud is a variation on a similar scam that was doing the rounds earlier this year.
The scammers text iPhone users - ironically, they don't use iMessage, but 'spoof' it instead - saying that the user's iPhoneID is about to expire.
"Tap http://bit.do/dFG8f to update and prevent loss of services and apps," it continues.
The users are then asked for sensitive information in order to 'unlock' their account.
Other versions of the message refer the user to different links, including 'appleexpired.co.uk', 'appleidlogin.co.uk' and 'icloudmobile.co.uk. And while these appear to have already been blocked by most browsers, there are probably plenty more that are still live.
In fact, there's no such thing as an iPhone ID, but that hasn't stopped people falling for the scam.
Indeed, one AppleCare advisor on the site says he's been getting at least four or five calls a day reporting the scam or asking for help.
Apple warns that any such message is likely to be a con.
"Scammers use any means they can—fake emails, pop-up ads, text messages, even phone calls — to try to trick you into sharing personal information, such as your Apple ID password or credit card information," it warns.
"Never share your Apple ID password or temporary verification codes with anyone. Apple will never ask you for this information to provide support."
The company encourages users to use two-factor identification to help protect their Apple ID - there's more information here.
And if you do think that your ID might have been compromised, you should change your password immediately, both with Apple and anywhere else you may have used the same one.