The University of Nebraska ITS Security team would like you to be aware of a new phishing attack targeting Apple iOS devices. The phishing attack prompts the user to enter their iTunes Store credentials to see further information. The fake dialog box mimics the Apple’s official system dialog. As reported in the media, users are tricked into giving away their Apple ID credentials, allowing the thief to access the user’s iCloud account and data. The fake dialog box looks so real, it is difficult to know if it is an authentic Apple login request.
To protect yourself from this phishing attack, it is suggested when prompted on your iOS device to enter any of your credentials, hit the “Home” button first. If the dialog box continues to prompt you for your credentials, it is an official Apple request. If the dialog box disappears, it was a phishing attack.
If you encounter an App or website that you determined was trying to steal your Apple credentials, send an email to email@example.com to report the App or website. If it was an App, remove the App from your device.
In addition, for MacOS computers, users should make sure they have the latest OS updates applied.
For more information, visit this article.