Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How to Protect Yourself from iOS Password Phishing Scams

By István F. Verified by Adam B. Last updated: July 14, 2024

Even if you have the strongest password on planet Earth, it’s still possible to get screwed if you fall for a phishing attack – or, in other words, by typing your credentials into a scam website. And it doesn’t matter which operating system you’re using – mobile or desktop – if you give out your password, it’s like handing over the keys to your house with a clear instruction: “Take what you want.”

After pointing out the potential privacy risks that iOS users are exposed to, security researcher Felix Krause is seeking to draw the attention of both users and Apple to a potential security threat that could target more than a billion iOS users. He’s doing so with a published proof-of-concept (POC), which highlights how hackers can replicate the familiar prompts that iOS users are used to seeing.

According to Krause, getting a user’s Apple ID password has never been easier. To those who may be unaware, Apple users have at least one credit card or PayPal account connected to their Apple ID, so giving out the password would mean hackers could get access to financial information.

Why are we giving out our passwords?

As Krause points out, half-jokingly, if you want a password, “just ask your users politely, they’ll probably just hand over their credentials, as they’re trained to do so.” That’s because iPhone or iPad owners are so used to typing in their passwords: whenever iOS prompts them for their Apple ID password, they simply enter it.

Just think about the older versions of iOS (not the currently available iOS 11), when a password was required to confirm a purchase, initiate a download, and more. Now things have changed slightly, especially with the introduction of biometric authentication.

Still, from time to time this prompt will appear, and if you don’t pay attention to when and how it appears, you may well end up the victim of a scam because hackers can easily replicate the otherwise legitimate prompt that Apple displays.

How to protect yourself

Every unsolicited prompt for your password should raise a red flag and make users suspicious about its origins. That’s the golden rule to follow to avoid phishing scams, and this one is no exception. To verify the validity of the password prompt, iOS users should hit the home button to close the app.

  • If the app closes and the password prompt disappears, you should know that this was a phishing attack.
  • If the prompt and the app are still visible after pushing the home button, you can be sure that this is a legitimate dialog box created by iOS. It won’t disappear, since it runs in a separate process and is not part of any app.
  • If the prompt is legitimate, you can enter the password, but Krause still recommends hitting “Cancel”, then opening the Settings app and looking for iTunes and App Store, then entering the password when prompted.

How to protect yourself from other phishing attacks

It’s not news that scammers will try to get a user’s credentials through various methods: fake emails, pop-up ads, text messages, and even phone calls. What you should know, though, is that Apple will never ask for your Apple ID password or temporary verification codes – if two-factor authentication or two-step verification is enabled – to provide support. On a support page dedicated to the topic of phishing scams, Apple gives various pieces of advice to help users identify such attacks.

Still, if you think your Apple ID has been compromised, the first step you should take is to change the password immediately and, most importantly, activate two-factor authentication (2FA). That’s different to two-step verification, and you should know why.

Apple strongly recommends reporting suspicious emails, and users can do that simply by forwarding the message to the company complete with its header information. It has different email addresses for spam or other suspicious emails received in iCloud.com, me.com, or mac.com inboxes, as well as suspicious messages received via iMessage.

We recommend the following: use a strong password to protect your Apple ID along with 2FA, and don’t let scammers catch you off guard. Keep an eye on all your received emails for anything suspicious, and identify the signs of phishing scams.


©2012-2024 Best Reviews, a clovio brand – All rights reserved