iPhone users are being warned of a new phishing scam that tricks them into handing out their Apple ID – and even experts are having a hard time detecting it.
Posing as the standard “Sign in to iTunes Store” form that users are so familiar with, the fake form appears almost identical to the original and is capable of stealing credit card and personal details in just seconds.
Apple iOS code researcher Felix Krause this week demonstrated just how simple it is to create a fake login form and steal personal details.
“Users are trained to just enter their Apple ID password whenever iOS prompts you to do so,” Mr Krause wrote in a blog post.
“Those pop-ups are not only shown on the lock screen, and the home screen, but also inside random apps.
“Even users who know a lot about technology have a hard time detecting that those alerts are phishing attacks.”
Mr Krause said the malicious login form took fewer than 30 lines of code to create and can be easily replicated by even the most basic of developers.
“Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it is literally the examples provided in the Apple docs, with a custom text,” he added.
If you’re left feeling unsure as to which pop-ups are real and which are fake, simply avoid them altogether and enter your Apple ID login details via Settings instead.
Mr Krause also said that if hitting the home button closes the app, and with it the login dialog, then it was likely a phishing attack.