A tricky method makes it almost impossible to realize that phishing victims have become the iPhone owner.
Felix Krause iOS developer and founder of Fastlane Tools demonstrated an almost unnoticeable phishing scam, which could even mislead the most mischievous Internet users – The Hacker News reported. A malicious iOS app can steal your Apple ID so you can access your iCloud account and data.
The app shows a fake dialog box for the user, which then copies the Apple official window to allow the attacker to obtain the Apple ID. Although there is still no indication that they have actually used this option, Krause says that it is “shockingly easy” to reproduce the system’s official dialog. For security reasons, the researcher did not disclose the related source code.
In any case, Krause suggests to users that if a suspicious dialog box appears, press the Home button (of course, is this kind of a window that perfectly mirrors the original). If the app is closed after the Home button is pressed and the dialog disappears, it was a phishing attack. However, if the app and window are left behind, then Apple’s official window. Krause also recommends that users use 2-step authentication, because attackers do not get much of the password.