Discovered a new phishing attack steals your password and the Apple ID. If you’re using an iOS device chances are in the last hours has appeared a pop-up window where it asks you for this passcode. It is an alphanumeric code that we normally use when we go to download apps in the App Store or songs in the iTunes Store.
However, it’s also being used maliciously to steal personal data of users of iPhone or iPad– and no, we are not referring to the possible vulnerabilities of the Id Face , or facial recognition system.
In a new entry posted on its blog, the developer Felix Krause warning of the dangers of using this system if we do not take the appropriate precautionary measures. This is not the first time it puts into question the security failures of Apple: what we have seen with previous scams through SMS fake or how to by this pathway have been with our credit card.
This expert explains how any manufacturer of iOS applications you can recreate the password for the Apple ID and send to our device, this pop-up window to give you access to our data. And do not think that it is a complex process. On the contrary, with less than 30 lines of code we can make ourselves go through a legal application and trick the controls review of the App Store.
Krauses points out that this is the same problem that lead to having the desktop browsers for years, where websites with bad intentions send fake popups with notifications identical to the true.
To avoid falling into this new phishing attack that steals the password of the Apple we can protect ourselves in different ways:
- Pressing the start button we check if the application is closed or not. If it is closed, it is a malicious attack; if it is still visible, form part of the system.
- You are advised not to enter the password in pop-up windows. It is better to do it manually, opening the application from the Configuration section.
- It is important to keep in mind that if you press the Cancel button, the application continues to access the content.
And you, do you follow you’re recommendations to protect your iPhone from attacks of potential phishing attacks that try to steal your Apple ID?