Recently, information about a new phishing scheme targeting iOS devices appeared on the web , which allows attackers to get information about Apple ID accounts. The crazy thing is that the toolkit, which is necessary for this hack, is provided by Apple itself.
App developer Felix Krause said that using Xcode, any developer can write a script, the code of which consists of no more than 30 lines. Such a script will simulate a dialog box with a request to enter user data and a password in order to safely steal them.
Therefore application developers can resort to such vicious practices, since Apple’s policy does not yet prohibit the use of pop-up windows. Krause published some tips on how to protect personal data from scammers:
- After seeing the dialog box in the application asking you to enter the Apple ID and password, click on the Home button. If the window collapses with the program – it’s scammers, if you stay on the screen – you have the iOS system notification.
- Do not enter your data in a pop-up window, and instead close it, go to Settings and log in to the account manually.
Also, in this context, would like to draw attention to another point. The screenshots show that the application knows the Apple user ID and asks only to enter the password. In fact, application developers do not and can not have access rights to such data.
So, apparently, Apple ID is selected based on the information that the application takes from the contacts: most often the email address of users coincides with the Apple ID.
So let’s add one more tip: if you install the application and it asks for access to the contacts, think again whether it is worth giving it such approval.
In addition, pay attention to the fact that some applications that require authentication, allow you to enter through social networks, such as Facebook or Twitter. These networks can also contain email addresses of users, which also often coincide with the Apple ID. Therefore, if you value your personal data, we advise you to carefully choose those to whom they communicate information.