
How to Identify Real Login Popups from Fake Phishing Attacks in iOS 8's Mail App

Jun 11, 2015 07:58 PM
iCloud login screen with fields for username and password.

A bug in iOS 8's Mail app, recently discovered by Jan Soucek, can allow the maliciously-minded to quite easily phish your iCloud password without you ever thinking something has gone awry. The bug allows remote HTML content to be loaded in place of the original email content, so unsuspecting victims would be prompted for iCloud credentials in a popup that resembles the native one found on iOS.

Ars Technica has a detailed breakdown of this exploit, but here's the gist:

  1. You receive an email and open it.
  2. A typical popup asks for your iCloud login information.
  3. Not thinking anything fishy is happening, you enter your credentials.
  4. The popup disappears, and you go about your business.
  5. Your information is now in the hands of who-knows-who.
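
For anyone who filters mail before it reaches a phone, here is a sketch of a gateway-side check for HTML bodies that could stage such a prompt. It is an added example, not code from the original article or from Apple. The page does not say which HTML feature the bug abuses, so the constructs flagged here (password fields, forms posting to a remote host, meta refresh, embedded documents) are assumptions, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Findings that justify holding a message for review (assumed policy).
HIGH_RISK = {"password-field", "meta-refresh", "embedded-document"}

class CredentialPromptScanner(HTMLParser):
    """Collects HTML features that let a mail body imitate a login prompt."""
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.findings.add("password-field")        # body asks for a password
        if tag == "form" and a.get("action", "").startswith(("http:", "https:", "//")):
            self.findings.add("remote-form-action")    # input leaves the device
        if tag == "meta" and a.get("http-equiv") == "refresh":
            self.findings.add("meta-refresh")          # body swapped for a remote page
        if tag in ("iframe", "frame", "object", "embed"):
            self.findings.add("embedded-document")     # remote page drawn inside the body

def scan_message(raw: bytes) -> set:
    """Return the set of findings across every text/html part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner = CredentialPromptScanner()
            scanner.feed(part.get_content(errors="replace"))
            scanner.close()
            findings |= scanner.findings
    return findings

def should_quarantine(raw: bytes) -> bool:
    return bool(scan_message(raw) & HIGH_RISK)

def _build(html: str) -> bytes:
    # Constructed sample: multipart/alternative with a plain and an HTML part.
    m = EmailMessage()
    m.set_content("plain-text fallback")
    m.add_alternative(html, subtype="html")
    return m.as_bytes()

SAMPLE_BENIGN = _build("<p>Your order has shipped.</p><a href='https://example.com/t'>Track</a>")
SAMPLE_PROMPT = _build('<form action="https://collector.example/s"><input type="text" name="u"><input type="password" name="p"></form>')
SAMPLE_REDIRECT = _build('<meta http-equiv="refresh" content="0; url=https://remote.example/body.html">')
```

A legitimate email has no reason to carry a password field, so that finding alone is a strong signal regardless of how the content was loaded.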

How to Keep Yourself Safe from the Mail Phishing Exploit

Though there's a small chance you'll get attacked by one of these phishing emails, it's still a good idea to know how to spot them so you don't become a victim.

  1. A legitimate popup of this type will have your username filled in, which cannot be edited. If the username field is blank or can be altered, the popup is not legit.
Sign in prompt for iCloud requiring Apple ID password.

The real deal will not have a box for username.

iCloud login prompt with fields for username and password.

The fake one will.

  2. An authentic popup of this type cannot be dismissed with the Home or Touch ID button. Legit popups can only be dismissed through the "OK" or "Cancel" options.
  3. This attack can only be brought up while in the Mail app. So, if you get this popup while in that app, be wary. It's unlikely that you will ever need to authenticate your iCloud password when in Mail anyway.
  4. The keyboard will automatically appear with the real authentication popup window. The fake one requires you to click inside of the fields before the keyboard can be accessed.
  5. The real popup cannot be moved around, but the fake one can move when the keyboard opens (as seen in the video above).

Keep in mind that this is a proof of concept, but one that should be alarming. According to Ars, Apple officials stated "We are not aware of any customers affected by this proof of concept, but are working on a fix for an upcoming software update."

The patch could come as soon as iOS 8.4, and should absolutely be remedied by the time iOS 9 rolls around.
