A new phishing scam that tricks iPhone users into revealing their Apple ID is hard to detect even for experts.
The pop-up copies the standard “Sign in to iTunes Store” form that users are familiar with, and appears almost identical to the original. However, if you sign in as directed, you could have your credit card and personal details stolen in seconds.
The scam was revealed by Apple iOS code researcher Felix Krause in a blog post. He said most iPhone users have the habit of just entering their Apple ID password whenever iOS prompts them. The fake pop-up requires very little coding and can be created by “the most basic of tech developers”.
The pop-ups appear on the lock screen, the home screen, and also inside random apps. “Even users who know a lot about technology have a hard time detecting that those alerts are phishing attacks,” Mr Krause says.
Mr Krause said that if you hit the home button and both the app and the pop-up close, then it was likely a phishing attack. If it is a legitimate Apple request, the pop-up will remain.
He said that if you are not sure, the safest thing to do is to enter your Apple ID login details only via Settings, not within an app.