{"id":1125,"date":"2021-12-16T08:40:43","date_gmt":"2021-12-16T05:40:43","guid":{"rendered":"https:\/\/files2.tojikon.net\/files-cloud\/2017\/10\/31\/how-to-identify-a-fake-apple-sign-in-prompt\/https:\/\/files2.tojikon.net\/files-cloud\/2017\/10\/31\/how-to-identify-a-fake-apple-sign-in-prompt\/"},"modified":"2021-12-16T08:40:43","modified_gmt":"2021-12-16T05:40:43","slug":"how-to-identify-a-fake-apple-sign-in-prompt","status":"publish","type":"post","link":"https:\/\/tojikon.net\/en\/1125-how-to-identify-a-fake-apple-sign-in-prompt\/","title":{"rendered":"How To Identify A Fake Apple Sign In Prompt"},"content":{"rendered":"<p>In the early days of the internet, phishing scams were common. Because the internet was new at the time, most people didn\u2019t know about them and fell victim. That\u2019s changed now, but scammers have also evolved with time. The technique is the same: try to look official and fool the unsuspecting user. The difference is how and where they try to get you. Take the example of the Google Docs phishing scam and the Plex media VPN phishing scam that were going around earlier this year. The latest victim of these types of scams could be an iOS device. A malicious app can show users a fake Apple sign in prompt that is indistinguishable from the real thing. If you enter your password, you\u2019ve been successfully phished.<\/p>\n<p>This problem was identified by security researcher Felix Krause, who also has a pretty simple solution that you can use to check whether you\u2019re seeing a fake Apple sign in prompt or a legitimate one.<\/p>\n<h2>Fake Apple Sign In Prompt<\/h2>\n<p>When Apple prompts you to enter your password, you only have two choices: enter the password, or tap Cancel to abort the action. If you suspect a prompt you\u2019re seeing is fake, tap\/press the Home button. 
A fake Apple sign in prompt will disappear when you tap the Home button. If the prompt is real, it will remain on your screen.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-222717\" src=\"https:\/\/files2.tojikon.net\/files-cloud\/wp-content\/uploads\/2021\/05\/how-to-identify-a-fake-apple-sign-in-prompt.jpg\" alt=\"\" width=\"1200\" height=\"1081\" srcset=\"https:\/\/files2.tojikon.net\/files-cloud\/wp-content\/uploads\/2021\/05\/how-to-identify-a-fake-apple-sign-in-prompt.jpg 1200w, https:\/\/files2.tojikon.net\/files-cloud\/wp-content\/uploads\/2021\/05\/how-to-identify-a-fake-apple-sign-in-prompt-1.jpg 300w, https:\/\/files2.tojikon.net\/files-cloud\/wp-content\/uploads\/2021\/05\/how-to-identify-a-fake-apple-sign-in-prompt-2.jpg 768w, https:\/\/files2.tojikon.net\/files-cloud\/wp-content\/uploads\/2021\/05\/how-to-identify-a-fake-apple-sign-in-prompt-3.jpg 1024w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"\/><\/p>\n<h2>Does Apple Need To Intervene?<\/h2>\n<p>Krause points out that Apple is very good at vetting the apps that are submitted to the App Store. It\u2019s so diligent that a few years ago the approval time for an app was pretty long, and Apple refused to shorten it for the sake of convenience. The company eventually reduced it, but not until it knew it could reliably check apps in that shorter time frame. It\u2019s doing reasonably well in terms of keeping malicious apps out of the App Store. That said, Krause has a list of improvements that Apple can make and enforce to keep users safe from these scams. You can read the full list on Krause\u2019s personal blog, where he gives details of how such a scam can go undetected.<\/p>\n<p>For my part, I find Krause\u2019s suggestion to have Apple force developers to add an icon for the app that\u2019s asking you to enter your password pretty reasonable. 
It\u2019s easy to implement, and a visual indicator is always better in cases like this.<\/p>\n<p>To our knowledge, there is no app at present in the App Store that is trying to phish users like this, but if there were, you wouldn\u2019t suspect it, let alone be able to identify it with a cursory look. This is basically Krause giving everyone a heads-up.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the early days of the internet, phishing scams were common. Because the internet was new at the time, most people didn\u2019t know about them and fell victim. That\u2019s changed now, but scammers have also evolved with time. The technique is the same: try to look official and fool the unsuspecting user. The &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1126,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[28],"_links":{"self":[{"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/posts\/1125"}],"collection":[{"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/comments?post=1125"}],"version-history":[{"count":0,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/posts\/1125\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/media\/1126"}],"wp:attachment":[{"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/media?parent=1125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/categories?post=1125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tojikon.net\/en\/wp-json\/wp\/v2\/tags?post=1125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}