Be wary of plausible-looking log-in forms – they could be a phishing attack designed to steal your password. An Apple iOS researcher has discovered that it takes hardly any time or expertise to knock together the coding for a bogus pop-up requesting a user’s credentials. Even Apple’s two-factor authentication is far from impregnable.
For instance, the counterfeit form that asks users to ‘Sign in to iTunes’ is almost impossible to distinguish from the real thing – and yet it was the work of a mere quarter of an hour to create it.
As is often the case, malicious actors thrive on human fallibility, carelessness or time pressure. The best way to avoid this pitfall is to click on the ‘Home’ button. If the app vanishes, it’s a phony. Also, avoid entering credentials into a pop up – close it and instead open ‘Settings’ manually.