It may have been repeated numerous times, but for some reason people just don’t listen when it comes to giving out a password via email.
The latest scam hack attack comes from a bunch of hackers that want your iCloud password. Surprisingly, more than a handful of people have fallen prey to this scam already - here’s what you need to know!
The Email Trick
The hackers behind the iCloud password scam have gotten really clever. This scam works thanks to an email that looks like an official Apple email. The subject line is often ‘Apple ID Password,’ and when you open it the message will ask you for your iCloud password. Now, that might be enough to dissuade some people from even considering the fact that this could be a legitimate email from Apple, but there’s more.
In addition to asking for your password, the email contains a small pop up that looks exactly like the one you have probably seen a million times before downloading an app - the pop up that asks for your Apple iCloud password. Since this looks like the real deal, tons of people are now happily handing over iCloud passwords thinking that Apple wants this information. Pretty clever, right?
Why It Works (and Doesn’t)
After you click the ‘ok’ button, the dialogue box disappears and nothing else happens. This leaves some people that do enter password information puzzled, but the trick still works and most people go about their business. Now, if you’re sceptical of the email (as you should be), and look at it closely enough, you’ll find that there are some major differences between the fake iCloud password box and the real deal.
In addition to other details, if you were to tap the Home button, the dialogue box would disappear (this doesn’t happen with the real deal). But, you really have to look for those differences. If you have enabled two-step identification, you don’t need to worry about this scam. But most iCloud users haven’t enabled two-step or aren’t sure how to do it.
What Happens
As soon as you give your iCloud password to a group of hackers, those nice folks can seize your iCloud account. This can cause all kinds of problems since your credit card information and other details are stored in that account. Details of the hack have been reported to Apple, but the company has yet to respond to the issue. In fact, the hack was noted and reported back in January by some users, though this didn’t cause Apple to react as you might think it would.
Since the bug still exists, the best thing to do is be aware of this issue - and never give out a password via email. It really doesn’t matter what company the password request is coming from. No company will ask for this kind of information through email, it’s just not going to happen. If you do find an email suspicious, do yourself a favor and make sure to Google it first - there’s a good chance that someone else has encountered the same issue and made a note of it.