iPhone users getting suspicious Apple ID verification prompt asking to enter password for unknown emails: Phishing scam alert

While going through Apple-related subreddits and the official community forums, I noticed a concerning trend. iPhone users are reporting a surge in Apple ID verification prompts that are not just puzzling but potentially dangerous. These prompts are asking users to enter their passwords, but for email addresses that they do not recognize. This has raised alarms across various online forums and social media platforms, with users questioning whether these prompts are part of a phishing scam, a hacking attempt, or a new kind of digital deceit.

The crux of the issue lies in the unexpected nature of these verification prompts. Typically, an Apple ID verification request is a routine security measure — but when the request is for an unknown email, it becomes a red flag. The situation mirrors a phishing scam where attackers masquerade as legitimate entities to steal sensitive information. In this case, the attackers could be using the guise of an Apple ID verification to gain access to users’ accounts and personal data. Here’s a screenshot of the prompt users are seeing:

While similar in nature to past phishing attempts, such as the password reset prompt scam reported by KerbsOnSecurity, I noticed this new scam differs in its approach. Instead of prompting a password reset, it directly asks for the password, creating confusion and concern among users who are unsure if their account security has been compromised. That said, I presume attackers are exploiting the same vulnerability as with the password reset prompt here too, given how similar the situation is. The blog has detailed how the attack works, in case you’re interested in knowing more about it.

Reports from Reddit and Apple community forums paints a picture of widespread confusion and concern. Users are frequently encountering these prompts and are unsure how to respond. The discussions I spotted are rife with speculation and a search for answers, with many advising caution and recommending not to enter any information in response to these prompts.

Apple has always been proactive in educating its users about security. The company’s official support page provides guidance on recognizing and avoiding phishing scams. Users who encounter suspicious emails or messages that appear to be from Apple are urged to report them to [email protected]. This step is crucial in helping Apple track and mitigate such phishing attempts.

If you receive an Apple ID verification prompt for an unknown email, do not enter your password. Instead, follow these steps:

• Dismiss the prompt and do not interact with it.
• Change your Apple ID password immediately to ensure your account remains secure.
• Enable two-factor authentication for an added layer of security.
• Report the incident to Apple to help them track and address the scam.

The emergence of this new scam serves as a reminder of the constant vigilance required in the digital age. iPhone users must stay informed and cautious, especially when dealing with unexpected requests for personal information. By taking proactive steps and reporting suspicious activity, users can help protect not only their own data but also contribute to the broader fight against cybercrime. Remember, when in doubt, reach out directly to Apple for support and guidance.

Granted how widespread and concerning the issue appears to be, I hope Apple releases a statement on the situation publicly. That said, I’ll keep tabs on the situation and will post an update to the article if and when there’s a new development. In the meantime, try voicing your concern directly to Apple for a speedier patch.