This new scam tricks people into giving away their Apple ID
I've recently introduced my mom to her first smartphone, which as you can imagine, isn't the easiest thing to do. It took her a while to get used to the text speak of her outdated flip-phone (remember those?) so bringing her into the world of touch screens, predictive text and WiFi is not exactly smooth sailing.
One thing she often gets preoccupied with is the idea that she's being scammed in some way. Even downloading an app from the app store, when it's free and there's no money exchanged, can make her a little nervous. I have explained to her that this is a normal, safe thing to do many times by now, but after this recent news, it might be that I was wrong and she was right the entire time.
Scam artists are always trying to find new ways to rip us off, but the original fraudulent emails we would get about earning inheritance rewards from African royalty you never knew you were related to... well, it's so unsuccessful we haven't taken it seriously for a long time.
Always adapting, these fraudsters have found a new way to slip under the radar and into our bank accounts.
A new form of phishing scam is targeting iPhone users. Malicious iOS apps can create fake log-in pop-ups that that appear when you install or update an app, which ask you to enter your Apple ID password before you can continue. Experts have warned that if you enter your password into these fake boxes, hackers can steal it and use it to access your credit card information.
Felix Krause, the tech genius behind "fastlane", warned on a blog post that while "modern web browsers already do an excellent job protecting users from phishing attacks", scams within mobile apps is a fairly new concept that is new territory to us all. That way, phishing scams can get through under our noses:
"iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps that are stuck during installation.
"As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so. However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.
"This could easily be abused by any app, just by showing an UIAlertController, that looks exactly like the system dialog."
This isn't just a warning to those of us who are inexperienced with new technology either, as Krause warns that: "Even users who know a lot about technology have a hard time detecting that those alerts are phishing attacks". Krause's key advice to us all is to set up two-factor verification for every log-in under your name to be extra safe - which is good advice regardless of this new scam.
If you want to find out more about ways to combat this, check out the full post on Krause's blog. So if you've gotten used to entering your Apple ID and password at a moment's notice, spend a little extra time checking that it's legitimate before you do, otherwise you might fall victim to one of these scams.