iPhone users have been warned of a new type of phishing scam that tricks you into giving away your Apple ID.

Malicious iOS apps can easily create fake login pop-ups that look exactly like the ones used by Apple, an expert cautioned.

The login boxes usually appear when you try to install or update an app, and ask you to enter your Apple ID password before you can continue.

If you input your password into one of the fake boxes, the attacker could steal it and use it to access your credit card information, the MailOnline reported.

Mobile app developer Felix Krause, based in Vienna, Austria, published a proof-of-concept on his blog on Tuesday that showed how easy it is to copy Apple's 'Sign In to iTunes Store' prompt to take a user's password.

Mr Krause said malicious developers can turn on alerts inside their apps that look almost identical to Apple's pop-ups using a simple bit of code.

'Users are trained to just enter their Apple ID password whenever iOS prompts you to do so,' Mr Krause wrote in his post.

'However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases. This could easily be abused by any app.'

The legitimate login popup can be seen on the left, with the remarkably similar fake seen on the right. Photo / Felix Krause

Hackers who access your Apple ID password could make fraudulent purchases and potentially steal your payment information.

If you use your Apple ID password elsewhere, like your online banking service, cyber criminals could use it to crack your accounts.

You can protect yourself from the fake pop-up scam by never inputting passwords into an Apple pop-up.

Instead, Mr Krause said, you should go into your iPhone's settings menu and enter it there to confirm it's a real request from Apple.

Krause said the best way to not be duped was by entering your login details via settings. Photo / Felix Krause

You can also press the home button whenever a pop-up is shown.

Mr Krause said this will close the app if it is a phishing scam, but the pop-up will remain if it is a legitimate Apple ID request.

You should also always have two-factor authentication activated on your Apple account for an extra layer of security.