Felix Krause, developer, created proof of concept phishing attack that looks identical to the official system popups in iOS requesting your password. He has proven how criminals can program an app to run certain code only after Apple has approved it for a spot in the App Store. Because iOS has “trained” users to automatically enter their password whenever prompted, without question, this phishing attempt has proven successful.
Recommended Defense Against these Attacks:
- Hitting the home button when any popup appears in iOS. If the app and the pop up both disappear this was a confirmed phishing attack.
- You can protect yourself further by dismissing popups altogether and instead only enter your password information in the Settings app.