There are still some people who believe that due to Apple’s walled garden approach that its devices, like the iPhone and iPad, are “immune” to malware, but over the years, this has been proven wrong again and again. In fact, more recently a blog post by security research firm Sophos has uncovered a couple of new ways that scammers are taking advantage of.
According to the report, despite Apple’s walled garden strategy, it seems that scammers are leveraging two already-existing features for iOS. One of them is Test Flight, which allows developers to create apps and beta test them without having to go through a full app review process.
The report claims that some scammers are taking advantage of this to create fake websites that pose as legitimate companies, and then push their app onto Test Flight where unsuspecting users download them.
Another method involves WebClips, which allows users to add a website to their home screen so that they can access it quicker. These scammers even create logos for these websites to mimic those used by legitimate apps so that users who don’t pay close attention will launch it instead, where they might end up entering their login credentials which can then be stolen.
Both of these methods can be easily detected by those who might be more tech savvy, but if you’re unsure, then the best thing to do is make sure all your downloads come directly from Apple’s own iOS App Store.