If you use your iPhone or another iOS device, such as an iPod Touch or iPad, for mobile banking or online shopping, pay attention. A German security expert has discovered a simple technique that makes it incredibly easy to trick iPhone users into thinking they are on a legitimate website.
The security flaw was discovered by Nitesh Dhanjani, who has posted a video showing how the attack would work. In the short demonstration below, you can see how easily a user could be tricked into visiting the wrong website and handing over personal information such as bank account login details.
The image below from Dhanjani provides a closer look at what is happening. The image on the right shows a fake browser bar that looks real. You can test out the security flaw demo by visiting Dhanjani's iPhone spoofing demo on your iPhone.
Dhanjani has reportedly contacted Apple about the issue, writing on his website: "I did contact Apple about this issue and they let me know they are aware of the implications but do not know when and how they will address the issue."
While Apple may not have a means of protecting users against phishing attacks on the iPhone and other iOS devices, we have some tips to keep yourself safe.
1. Bookmark the right address
Type in the address right now, verify that it is correct, and bookmark it. The next time you need to log in, use your bookmark; it's faster and safer.
2. Never follow email links to login pages
If your bank or another website emails you and asks you to log in, don't follow the link, since it could be a phishing attempt. Instead, use your bookmark or wait until you get to your computer.
3. Use an app
If you are fortunate enough to have a bank with an iPhone app, use that instead of the web browser. That way, you'll know that you'll end up at the right place. Also, many of these apps have the option for additional security settings to block your account information from prying eyes.
iPhone Users at Risk of Falling Prey to Crafty Phishing Attack