large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

This new phishing attack could make you give away your Apple ID password

Most iOS users are so used to popups asking for their Apple ID password by now that they just fill it in without a second thought.

But one mobile app developer has proved how alarmingly easy these prompts are to replicate, making them a potential security flaw through which devious hackers could steal your precious user credentials.

Worryingly, the side-by-side comparisons of an official iOS popup and a phishing copy are impossible to distinguish between, so we’d have just plonked our password straight into the sweaty palms of a hacker without even realising it.

The copycat popups actually require less than 30 lines of code to build, and they could feasibly end up in any otherwise legit iOS app on the App Store after sneaking past review teams.

Here’s how you can protect yourself: Hit the home button, and if it closes the app and with the dialog, then it’s phishing attack. If the dialog and the app are still visible, then it’s a system dialog. The developer who made the discovery recommends that you simply don’t enter your details into a popup, but rather dismiss it, and open the Settings app manually.

Most of us blindingly complete these popups without batting an eyelid, but this should serve as a wake up call to anyone with an iOS device. Hopefully Apple has a solution up its sleeve to eliminate the risk.

Have you been caught out by an iOS phishing attack? Tweet us @trustedreviews

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.