iOS Users Beware of New Phishing Scam!

Ask any Apple user what they love most about the company’s gadgets and the answer would be the design, followed by the fact that they are extremely secure. Not that they are wrong – Apple’s security is way better than that of Windows or Android. The only problem, however, is our habit of taking security for granted. Knowing this, most hackers rely on social engineering: people have impulsive or habitual actions that prevent them from spotting the red flags in an unsolicited email, pop-up or link bait. Exploiting this behavior, hackers have been able to execute large-scale attacks, all starting with a user opening an unknown email, downloading a file, falling for a phishing scam and so on.

Why are we placing so much emphasis on social engineering? Because this new Apple phishing scam exploits the same behavior. Each iOS user has unique login credentials that connect them to iCloud and their devices. Every time you access certain tasks or platforms, a pop-up asks you to sign in. For example, if you want to access the iTunes Store, you have to log in using your credentials. Similarly, iOS asks users for their password for other tasks, such as operating system updates or access to Game Center. This is where the trouble starts.

Felix Krause, a mobile developer, highlighted a long-standing loophole in the iOS password pop-up: he proved that it was extremely easy for someone to replicate the system dialog, implement it in their app and have their users enter their iOS credentials without a second thought. See his post here. Even tech experts sometimes find it difficult to tell the real from the fake. So don’t panic! You’re not the only one having a hard time staying away from phishing scams. However, you can avoid having your account compromised, or at least prevent a mishap, if you know the basics of protecting yourself from such dangerous scams.

How to Identify Red Flags and Protect Yourself

Well, you start by being alert. Every time an app asks you for any kind of login information, or permission to access your data, spend 5 more seconds thinking about whether it is a legit request. Along with that, Krause suggests some practical tips:

  • When a pop-up asks for your credentials, hit the Home button to see if the app quits. If the app closes and the dialog box closes with it, then it was a phishing attack. If, however, the dialog and the app are still visible, then it is the legit system dialog.
  • Instead of entering your credentials into the pop-up, spend a few additional moments and go into the Settings app to enter your credentials if required.

Remember that these pop-ups have already derived your email ID, so as soon as you enter the password, they can get complete access to your account. Now people would again question Apple’s security when it comes to screening apps on iTunes. Why would Apple allow such apps in its store? The answer is simple – it’s pretty easy to add this code after an app is approved in the store using various tools and methods, which we choose not to highlight here for moral reasons.

Currently, it is difficult to identify what is legit and what is fake, because mobile phishing is still a new concept. Though the company is doing a good job keeping systems safe, it will take more alertness on the part of users to ensure that they do not compromise their accounts. Stay safe, folks!

Farah tries to keep up with the fast-paced tech world by writing about it. She covers the latest tech news and writes informative pieces to help her readers make informed decisions about their tech preferences.
BeepWee