Published: Wed, October 11, 2017
Research | By Raquel Erickson

IOS Phishing Attack Masks Itself As Apple-Style Password Request

IOS Phishing Attack Masks Itself As Apple-Style Password Request

The proof-of-concept was detailed by Felix Krause, founder of the open-source app-building tool fastlane.

iPhone and iPad users have been warned of a new type of phishing scam that tricks you into giving away your Apple ID.

To protect yourself from such attacks, Krause suggests that you hit the Home button when the prompt pops up.

You can also click the home button whenever a pop-up is shown. If the app and dialog close, you were being phished.

According to the reports, the update will bring back the 3D Touch app switch gesture.


Mr Krause said malicious developers can turn on alerts inside their apps that look nearly identical to Apple's pop-ups using a simple bit of code.

"This could easily be abused by any app..."

Hackers who access your Apple ID password could make fraudulent purchases and potentially steal your payment information.

Worryingly, the side-by-side comparisons of an official iOS popup and a phishing copy are impossible to distinguish between, so we'd have just plonked our password straight into the sweaty palms of a hacker without even realising it.

To download the update, go Settings General Software Update (the preferred way, and is about 300MB) or connect your iPhone to a computer running iTunes and then carry out the update (this is slower and downloads the entire operating system as opposed to just the changes, and comes in at several gigabytes). That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store.

Like this: