Watch out for pop-ups in Apple’s default email app
An unpatched bug in Apple's default email app makes it easy to trick people into giving up their iCloud passwords to phishing hackers. The Mail app automatically shows up at the bottom of all iPhone and iPad screens.
The bug exploits a flaw in the Mail app that allows an attacker to load a bogus iCloud login prompt for phishing purposes. It’s designed to trick you into providing your account password.
To avoid this phishing attack:
- Press the cancel button without entering credentials if you’re confronted with an unexpected login prompt.
- To identify a fake prompt, press the home button. If pressing the home button while a prompt is displayed returns your device to the main screen, the prompt is a hoax that shouldn't be trusted. Delete that message.
A further consideration
You might consider installing the Outlook app from Apple’s App Store. If you take this route, make sure to back up your device first (generally via iCloud) and write down your existing account settings before deleting it from the default Mail app. You should also know that your contacts and calendar information will suddenly appear at the bottom of the app rather than as separate apps.
Questions or comments?
We're here to help. Do you have a security-related question or suggestion or want to comment on this article? Contact the IT security officer.
Visit the iRiskAware page on CityTalk for more security-related tips and information.
Published Jun 16, 2015