This new phishing attack could make you give away your Apple ID password

Most iOS users are so used to popups asking for their Apple ID password by now that they just fill it in without a second thought.

But one mobile app developer has proved how alarmingly easy these prompts are to replicate, making them a potential security flaw through which devious hackers could steal your precious user credentials.

Worryingly, the side-by-side comparisons of an official iOS popup and a phishing copy are impossible to distinguish between, so we’d have just plonked our password straight into the sweaty palms of a hacker without even realising it.

The copycat popups actually require less than 30 lines of code to build, and they could feasibly end up in any otherwise legit iOS app on the App Store after sneaking past review teams.

Here’s how you can protect yourself: Hit the home button, and if it closes the app and with the dialog, then it’s phishing attack. If the dialog and the app are still visible, then it’s a system dialog. The developer who made the discovery recommends that you simply don’t enter your details into a popup, but rather dismiss it, and open the Settings app manually.

Most of us blindingly complete these popups without batting an eyelid, but this should serve as a wake up call to anyone with an iOS device. Hopefully Apple has a solution up its sleeve to eliminate the risk.

Have you been caught out by an iOS phishing attack? Tweet us @trustedreviews