There’s a terrifyingly simple iPhone scam that could steal your most personal information. But there’s an easy way of staying safe – so long as you know about it.
The newly identified scam means that apps can show a password login box on your iPhone that looks exactly like the legitimate one that comes from Apple. Since it looks real, most people will enter their password – and with it, give the scammer access to their Apple ID.
Once someone has that, there’s the potential to wreak havoc. The Apple ID secures everything on your phone – your photos, your messages, your browsing history and more – and unless you’re using two-factor authentication it can be all anyone needs to get in.
Apple unveils the iPhone X
The scam works by creating a pop-up within a compromised app that looks exactly like the password pop-up screen. There’s no obvious way of telling the difference from a real one, since Apple pops up that password regularly throughout the operating system, even if you’re not doing something that would require it.
Thankfully, there is an easy way to check whether one of the pop-ups are legitimate. But only if you know how.
If one of the pop-ups randomly appears, you should press the home button. If the password prompt is coming from a scamming app, it’ll disappear, since it’s contained within that app; if it’s legitimate, it won’t go away because it’s coming from the operating system itself.
If in doubt, don’t enter the password. While the iPhone regularly requests it, it’s not usually for anything immediate – if it is, you’ll be taken to the relevant app or asked to enter the password again at a later date.
And an important way of securing your phone is to turn on two-factor authentication, which vastly reduces the value of stealing your password in the first place. It means that someone must actually have access to one of your devices to log in, so someone with your password wouldn’t actually be able to get in anyway.
It’s turned on by going into the Settings on your phone and clicking through to the password and security preferences. It can also be done from the iCloud settings on a Mac.