How To Protect Your Apple ID From iOS Scams
While it’s much rarer to hear horror stories about iOS scams, the potential of your Apple product being compromised remains a real possibility. Last month, app developer and founder of fastlane Felix Krause created a proof of concept demonstrating how simple it is for hackers to attain user credentials on iOS — so simple, in fact, that all they have to do is ask.
Krause coded a dialog box that looked identical to an Apple system popup asking for the user’s iTunes password, a prompt that occurs before installing operating system updates and In-App-Purchases as well as accessing iCloud and Game Center. Since differentiating the phishing scam and actual dialog is impossible even for those well-versed in technology, this is an extremely effective way for hackers to steal sensitive user information.
Furthermore, phishing apps aren’t even required to know your email before requesting sign-in, as some official in-app prompts only ask for your password — this makes it even easier for scammers to get your password via their fake dialog box. Krause goes on to state that creating a fake system popup is extremely easy since it’s comprised of under 30 lines of code that any iOS engineer could easily replicate.
While telling the phishing prompt apart from the legitimate Apple dialog may be a challenge, there are ways to protect yourself. Firstly, press the home button — if this closes the app and dialog with it, it’s a definite phishing attack. If the app and dialog remain open, then it’s an authentic system dialog. To be safe, get into the habit of not entering your details into a popup. Close the prompt, then go to the Settings page where you can manually enter your credentials.
Apple is extremely vigilant with its app review process, but this doesn’t mean that sneaking malicious content under its radar is impossible. For this reason, it’s important to be aware of the latest scams and be informed of the ways you can safeguard yourself from potential threats.