
Dangerous iPhone scam easy to fall for

APPLE users are being warned about a potential iPhone phishing attack which could be used to steal their credit card and personal details in just seconds.

The phishing scam looks like the familiar pop-up which routinely prompts iPhone users to enter their Apple ID password when doing things like downloading apps or upgrading the operating system - and it's nearly impossible to tell the difference.

It's not believed such a phishing scam is currently in the wild, but Apple iOS code researcher Felix Krause has demonstrated just how simple it is to create a fake Apple ID login form and steal people's personal details.

In a blog post this week he showed how he could "easily get the user's Apple ID password, just by asking". The result is quite eyebrow-raising, to say the least.

Can you tell the difference between the real pop-up and the phishing attack below?

The one on the left is legitimate, while the one on the right is not.


"The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet," Mr Krause wrote.

"For moral reasons, I decided not to include the actual source code of the pop-up, however it was shockingly easy to replicate the system dialogue."

The most common phishing attacks are usually deployed via e-mail and are designed to trick the victim into clicking a malware-infected link or giving up their details which can be used to burrow into their digital life.

Phishing attacks within mobile apps are much less common, and what makes this one so potentially dangerous is the fact that iPhone users are so accustomed to the 'Enter your Apple ID' pop-up.

"As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so," he wrote. "This could easily be abused."

HOW TO PROTECT YOURSELF

According to Mr Krause, if you're presented with a pop-up you think might be dubious, hit the home button and see if the app quits.

"If it closes the app, and with it the dialogue, then this was a phishing attack," he wrote.

However, if the dialogue box and the app are still visible, then it's a legitimate system prompt from Apple. "The reason for that is that the system dialogues run on a different process, and not as part of any iOS app."

Alternatively, if you want to be on the safe side you can dismiss the pop-up box and go into 'Settings' to enter your ID password manually.

Apple has been contacted for comment.


News Corp Australia

