iOS Phishing Scam Creates Fake Login Boxes That Look Just Like Apple's

iPhone and iPad users are being warned about a new scam targeting iOS devices that can be used to steal login details and potentially credit card information.

The scam involves malicious apps that can be used to trigger fake Apple ID login prompts, which look exactly like the real thing.

The bogus login boxes usually appear when users try to install or update an app, asking for login details to be entered before they can continue.

If the user enters their password, the attacker could use it to access their account, find their payment information and steal their credit card details.

Felix Krause, an app developer based in Vienna, Austria, posted a video to his blog on Tuesday, demonstrating just how easy it is for attackers to create fake Apple login pop-ups and use them to phish customers' details.


"Users are trained to just enter their Apple ID password whenever iOS prompts you to do so," Mr Krause wrote in his post.

"However, those pop-ups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases. This could easily be abused by any app."

Hackers who use this technique could use the information supplied by unwitting Apple customers to steal credit card details and make fraudulent purchases.

Mr Krause also used his post to arm users with the knowledge to protect themselves from such attacks.

He wrote: "Hit the home button, and see if the app quits:

"If it closes the app, and with it the dialog, then this was a phishing attack.

"If the dialog and the app are still visible, then it's a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.

"Don't enter your credentials into a pop-up, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually.

"If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password."

To summarise, the best way to get around the scam is by never entering your login details directly into a pop-up, and instead opening up the iPhone's settings to enter them directly.

Stewart Perrie

Stewart Perrie is a Trending Journalist at LADbible. His first job was as a newsreader and journalist at the award winning Sydney radio station, Macquarie Radio. He was solely responsible for the content broadcast on multiple stations across Australia when the MH17, Germanwings and AirAsia disasters unfolded. Stewart has covered the conflict in Syria for LADbible, interviewing a doctor on the front line, and has contributed to the hugely successful UOKM8 campaign.
