iPhone and iPad users could have their Apple account passwords and credit card details stolen with a fake login pop-up that can easily be generated by a malicious iOS app.
Developers have the ability to create a pop-up that looks just like the official Apple sign-in prompt.
This “phishing” attack – a method of luring users into volunteering their passwords by making them think the request comes from a real company they deal with – was highlighted by a developer and can be created within an app as a way to capture login details and access credit card information.
It has not been used, but the potential is there for a cybercriminal to find a way into your Apple ID.
iPhone and iPad users are familiar with these pop-ups, which usually include the email address associated with the account.
So it’s alarming to think this could be easily abused and place millions of users at risk.
But there are ways to protect yourself from this potential intrusion.
For one, these pop-ups usually appear on the home screen or lock screen of the iPhone or iPad.
They can also appear within some of Apple’s apps like Apple Music, iTunes and the App Store.
But if one starts appearing while you are using random apps, this should raise a big red flag.
Here’s what you can do to see if the pop-up is genuine:
– Close the app. If the pop-up closes with it, you know it was a phishing attack.
– If the pop-up is still visible, it’s part of the iOS system, which runs in a different process from the app.
– Don’t enter your details in a pop-up. Go to the settings and do it there.
– Don’t type anything in the dialog box. If you type out a password, then work out it’s a fake and hit the cancel button, the app would still have access to what you typed into the password field. So the app would now know your password.
Another way to protect your Apple ID is with two-factor authentication. This means every time you try to log in you need to type in a code that is sent by SMS to your phone.
Now while this seems worrying, an iOS app is highly unlikely to get away with this phishing attack.
Apple monitors the App Store quite thoroughly and acts as a strict gatekeeper for every app that applies to become part of its App Store.
Apple has been known to reject apps that don’t run properly or provide a poor user experience, so naturally an app that could expose user information and put their security at risk is certain to be caught.
But be careful out there anyway.