5 iCloud Phishing Scams
While browser pop-up scams are more common and annoying, they’re not the only kind of iOS device scam that uses a pop-up window. There’s another kind that’s much more malicious — particularly as it’s harder to check for legitimacy.
If you’re an iOS user, you’re probably familiar with OS pop-ups asking for your iCloud password to authenticate. Unfortunately, these pop-ups are shockingly easy to replicate on the developer side, as a security researcher revealed last year. Worse still, they can be nearly identical to legitimate password prompts.
Since iOS is a closed system, third-parties can’t issue a password prompt on the Home or Lock screen. But malicious entities can force a fake login popup within an app that’s been compromised or has been specifically created by an attacker.
These malicious prompts will attempt to steal (“phish”) your iCloud password, and possibly your associated email address.
Luckily, Apple has a plan to mitigate these phishing scams in the future. In the meantime, your best bet is to hit the Home button.
- If the popup goes away on the Home screen and doesn’t reappear, it’s a scam.
- If it remains on the screen then it’s a legitimate password prompt.