
Dangerous iPhone scam easy to fall for

APPLE users are being warned about a potential iPhone phishing attack which could be used to steal their credit card and personal details in just seconds.

The phishing scam looks like the familiar pop-up which routinely prompts iPhone users to enter their Apple ID password when doing things like downloading apps or upgrading the operating system - and it's nearly impossible to tell the difference.

It's not believed such a phishing scam is currently in the wild, but Apple iOS code researcher Felix Krause has demonstrated just how simple it is to create a fake Apple ID login form and steal people's personal details.

In a blog post this week he showed how he could "easily get the user's Apple ID password, just by asking". The result is quite eyebrow-raising, to say the least.

Can you tell the difference between the real pop-up and the phishing attack below?

The one on the left is legitimate, while the one on the right is not.


"The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet," Mr Krause wrote.

"For moral reasons, I decided not to include the actual source code of the pop-up, however it was shockingly easy to replicate the system dialogue."

The most common phishing attacks are usually deployed via e-mail and are designed to trick the victim into clicking a malware-infected link or giving up their details which can be used to burrow into their digital life.

Phishing attacks within mobile apps are much less common, and what makes this one so potentially dangerous is the fact that iPhone users are so accustomed to the 'Enter your Apple ID' pop-up.

"As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so," he wrote. "This could easily be abused."

HOW TO PROTECT YOURSELF

According to Mr Krause, if you're presented with a pop-up you think might be dubious, hit the home button and see if the app quits.

"If it closes the app, and with it the dialogue, then this was a phishing attack," he wrote.

However, if the dialogue box and the app are still visible, then it's a legitimate system prompt from Apple. "The reason for that is that the system dialogues run on a different process, and not as part of any iOS app."

Alternatively, if you want to be on the safe side you can dismiss the pop-up box and go into 'Settings' to enter your ID password manually.

Apple has been contacted for comment.


News Corp Australia

