iPhone Apple ID scam: How to avoid having your password stolen by 'shockingly' convincing con

It's easy to stay safe – if you know how

Andrew Griffin
Thursday 12 October 2017 09:53 BST
Comments
The woman's iPhone reportedly helped save her life
The woman's iPhone reportedly helped save her life (REUTERS/Stephen Lam )

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

There's a terrifyingly simple iPhone scam that could steal your most personal information. But there's an easy way of staying safe – so long as you know about it.

The newly identified scam means that apps can show a password login box on your iPhone that looks exactly like the legitimate one that comes from Apple. Since it looks real, most people will enter their password – and with it, give the scammer access to their Apple ID.

Once someone has that, there's the potential to wreak havoc. The Apple ID secures everything on your phone – your photos, your messages, your browsing history and more – and unless you're using two-factor authentication it can be all anyone needs to get in.

The scam works by creating a pop-up within a compromised app that looks exactly like the password pop-up screen. There's no obvious way of telling the difference from a real one, since Apple pops up that password regularly throughout the operating system, even if you're not doing something that would require it.

Thankfully, there is an easy way to check whether one of the pop-ups are legitimate. But only if you know how.

If one of the pop-ups randomly appears, you should press the home button. If the password prompt is coming from a scamming app, it'll disappear, since it's contained within that app; if it's legitimate, it won't go away because it's coming from the operating system itself.

If in doubt, don't enter the password. While the iPhone regularly requests it, it's not usually for anything immediate – if it is, you'll be taken to the relevant app or asked to enter the password again at a later date.

And an important way of securing your phone is to turn on two-factor authentication, which vastly reduces the value of stealing your password in the first place. It means that someone must actually have access to one of your devices to log in, so someone with your password wouldn't actually be able to get in anyway.

It's turned on by going into the Settings on your phone and clicking through to the password and security preferences. It can also be done from the iCloud settings on a Mac.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in