Apple also introduces new privacy protection and anti-phishing tools in iOS 11.3 and macOS 10.13.4, which are currently in beta.

Apple introduces new privacy protection and anti-phishing tools in iOS 11.3 and macOS 10.13.4. What are these tools, what do they do, and how else should you protect yourself against phishing attacks?

What are these tools?

Apple’s new Privacy icon appears whenever Apple’s apps ask for your personal information, helping you to avoid clicking on phony pop-ups asking for this data.

The introduction of the tools follows October’s convincing proof-of-concept phishing attack by developer Felix Krause. This fake password prompt looked incredibly convincing.

This form of convincing phishing attack exploits your trust. We’ve become very used to Apple services requesting our Apple ID with dialog boxes that look like this, but Krause’s exploit showed how easy it is to subvert these protections. That’s why Apple has added a new Privacy icon, which will only appear when a legitimate request is made.

The screen looks like this

What do they do and how do you use them?

When you first install iOS 11.3 and macOS 10.13.4 you will be shown a new splash page on which Apple explains the new feature.

In use, you will see a privacy icon appear when an Apple app or feature is asking to use your personal information.

We’re aren’t yet sure where the icon will appear, but it seems most likely we’ll see it in the top menu bar.

This icon should appear whenever Apple needs authorization to enable features, personalization or access to services.

Convincing phishing attack. Thanks to Felix Krause.

How else can you protect yourself?

While Apple’s platforms are highly secure, phishing attacks rely on tricking users into subverting their own security. That’s why all the common-sense advice matters so much:

• Never click on links in emails from people you don’t know
• Be particularly careful when clicking links in Facebook’s Messenger, there have been virulent phishing attacks there.
• Never download applications from sources you do not trust
• Use complex, unique passwords.
• Use 2-factor authentication

Krause explains several ways to protect yourself even better against attacks like these:

• When you see an Apple ID dialog box appear, tap the Home button. If the dialog box remains when you return to the Home screen, then it is likely to be a genuine Apple ID request. If it does not remain visible then you’ve likely just avoided a phishing attack.
• Never enter your Apple ID details into a pop-up, navigate to Settings and enter it there instead.

One major warning:

“If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.”

You’re much better off tapping the Home button to escape.

Apple also hosts a support page that offers some good advice on avoiding phishing attacks here.

Want to try these new features? You can, just join Apple’s Beta Software program, though you may want to avoid using beta software on your primary Mac or iOS devices as beta software can sometimes be buggy. Having said that, these releases seem quite advanced in development, so you may be OK.