Cybercriminals are always coming up with new ways to steal information. The latest comes in the form of a popup asking users to enter their Apple ID password. And it looks just like the real thing!
Don’t fall for it!
For iOS users, getting the iTunes password popup is not a new thing. You can change your settings to get the password prompt just once for the next 15 minutes or for every single transaction. It’s so commonplace that you may not even think twice before putting in your password. Cybercriminals are depending on this in the new phishing campaign targeting Apple iOS users. These popups can present alongside legitimate apps downloaded from the Apple store and it will prompt you to enter your iTunes password.
So how can you tell if the popup is legitimate?
To see if the popup is legitimate, press the “home” button. If the popup closes, then it’s a phishing attempt. But if the popup remains, then it’s an official Apple system prompt. We still do not recommend entering your password in the popup. Instead, open up your device’s settings and enter it there directly. For peace of mind, enabling multifactor authentication is the best option.
If you think there’s a possibility that your account might have been compromised, change your password as soon as possible!
Felix Krause talks about it here.