With sales of the iPhone and iPad booming and an ever-increasing number of app and music downloads via the App Store and iTunes, the number of attacks on Apple accounts has also risen.
Some have found their accounts compromised and expensive (often Chinese) apps purchased, mostly because their accounts were secured with a simple password or they had been the subject of a previous phishing attempt.
In the past 24 hours, Apple appears to have started prompting iOS devices owners and those with Apple IDs within iTunes to make their accounts more secure, requiring them to pick three security questions and enter their answers when they download a new app.
The company is also asking users to enter a backup email address, in order to better protect their device but also their account (which is tied to Apple’s Retail website and all of its media services).
You can see the “Security Info Required” popup and entry screen below:
Once the user has entered their questions, answers and a backup email address, they are sent an email to verify the changes.
You’ve taken the added security step and provided a rescue email address. Now all you need to do is verify that it belongs to you.
The rescue address you have given us is firstname.lastname@example.org. Just click the link below to verify, sign in using your Apple ID and password, then follow the prompts.
The rescue email address is dedicated your security and allows Apple to get in touch if any account questions come up, such as the need to reset or change your security questions. As promised, Apple will never send you any announcements or marketing messages to this address.
Apple is also requesting the same information to be entered via iTunes, at least according to some users.
Whilst the new prompt will undoubtedly help secure accounts, many Apple device owners are confused by the new pop-up message and believe it is a phishing attempt. In the past 24 hours, a number of threads have popped up on Apple’s Support Forums that discuss the added security step, questioning its authenticity.
One user posted:
I had the same issue on my iPhone 4 today and also was worried that it might be a virus or phishing exercise. It is certainly worded like one.
But from all the other replies in this thread, it seems like people are saying it is a valid request from Apple, is that right?
It appears that Apple is routinely updating its security practices to ensure users are aware of their privacy and account security settings.
It’s a step in the right direction, but the unwarranted pop-up has users worried — but in this case it’s nothing to be worried about.