iPhone users have been warned of a new type of phishing scam that tricks you into giving away your Apple ID.

Malicious iOS apps can easily create fake login pop-ups that look exactly like the ones used by Apple, an expert cautioned.

The login boxes usually appear when you try to install or update an app, and ask you to enter your Apple ID password before you can continue.

If you input your password into one of the fake boxes, the attacker could steal it and use it to access your credit card information.

App developer Felix Krause, based in Vienna, Austria, published a proof-of-concept on his blog on Tuesday that showed how easy it is to copy Apple’s ‘Sign In to iTunes Store’ prompt to take a user’s password.

Mr Krause said malicious developers can turn on alerts inside their apps that look almost identical to Apple’s pop-ups using a simple bit of code.

‘Users are trained to just enter their Apple ID password whenever iOS prompts you to do so,’ Mr Krause wrote in his post.

‘However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases. This could easily be abused by any app.’

Hackers who access your Apple ID password could make fraudulent purchases and potentially steal your payment information.

If you use your Apple ID password elsewhere, like your online banking service, cyber criminals could use it to crack your accounts.

app phishing

How to protect yourself

You can protect yourself from the fake pop-up scam by never inputting passwords into an Apple pop-up.

Instead, Mr Krause said, you should go into your iPhone’s settings menu and enter it there to confirm it’s a real request from Apple.

You can also click the home button whenever a pop-up is shown.

Mr Krause said this will close the app if it is a phishing scam, but the pop-up will remain if it is a legitimate Apple ID request.

You should also always have two-factor authentication activated on your Apple account for an extra layer of security.

Share your comments below

  • Thank you for the warning. There are too many scams these days.


  • Thanks for your timely warning. Don’t have an Apple phone, but bet there are similar scams out there for the other phones too.


  • That’s scary- I’ll be sure to let hubby know about this one!


  • This is a real concern. Thank you for the update and also the very helpful tips.


  • Both login screens look the same so couldn’t tell the difference.


  • It is hard to tell the difference!


  • I saw this on Sunrise yesterday. How easy to know all you have to do is click the home button. If the pop up was fake, it disappears. As an iPhone owner, this is handy to know


  • Good to be aware.


  • Really glad I don’t have an iPhone after reading this.


  • I am always extremely cautious and careful about passwords and authentication.


  • It’s important to stay alert, you will only need to put in your Apple ID when you have clicked iTune icon and want to purchase something. Any other times, if the prompt showed up, just ignore it.
    Oh, and I never add my credit card number to Apple ID or anywhere else too.


  • No I couldn’t tell the difference at all.


  • I won’t put in my Credit card no on Apple, just stay safe and use iTunes cards.


  • Own an Android and avoid it altogether. BOOM


  • Wow, thanks for sharing. Things like this really worry me. I’m always concerned now about malware and scams and fake pop ups.


Post a comment
Like Facebook page

LIKE MoM on Facebook

Please enter your comment below
Would you like to include a photo?
No picture uploaded yet.
Please wait to see your image preview here before hitting the submit button.
Your MoM account

Lost your password?

Enter your email and a password below to post your comment and join MoM:

You May Like


Looks like this may be blocked by you browser or content filtering.

↥ Back to top

Thanks For Your Star Rating!

Would you like to add a written rating or just a star rating?

Write A Rating Just A Star Rating