iPhones and iPads being Hijacked by scammers – here’s how to protect yourself – EFTM

Imagine you’re using your iPhone and then suddenly a message appears telling you that your phone has been hijacked and to regain access you need to pay a fee via PayPal. What?  Really?  Yes, and it’s happening right now to Aussie iPhone users.

The problem has been reported widely in the tech press, and the concerns are very, very real.

Some Background

iOS devices like the iPad and iPhone have an outstanding feature called “Find My iPhone”. It operates within iCloud, a service that backs up your devices, offers collaborative document sharing and editing and, importantly, gives you the ability to find your device.

Apple iCloud sign-in screen

If you’ve lost your phone, at the shops or at home – you simply log into iCloud.com and enter your Apple ID (Email address) and password.

Once you’re in, the service is fantastic: the best device location and protection service I’ve ever used. You can see your device on the map, and if it’s not on the map you can lock it so that someone who finds it can’t use it – and you can leave a message on the screen so they know how to contact you.

Even if it can be located, you can lock it with a new unique passcode.  Again, leaving a message on the screen.

So how are scammers using it?

This is perfect.  However, imagine someone has your Apple ID Email address and password.  Yep, they can buy some songs on your account, even movies.  But that’s not what they want – they want your money.

So they are visiting iCloud.com, logging in – either using your password obtained during other hacks online, or by guesswork – and they are pretending to be you by locking the device.

It really is that simple.

Once logged in - the scammer just needs to click LOCK on your device (or "LOST MODE")

The scammer sets a new passcode which you don't know

On this screen the scammer can enter a message which you will see on your device screen - this is where they leave their message telling you to contact them with payment

Here’s what that message will look like on an iPad

The same message the scammer typed into iCloud is shown on your device

What should you do

If your device is locked, firstly you can immediately access iCloud.com yourself and click on your device, and click LOST and then STOP LOST MODE.  You’re clear.

If you can get into your iCloud account - you can access lost mode and click "stop lost mode"

If that works, you will get immediate access to your device again

Now immediately change your iCloud account password.  Hopefully you get there before the hackers do – but, it’s likely they’ll have beaten you to it.

To change your iCloud (Apple ID) password, simply visit appleid.apple.com and click Manage your Apple ID then follow the password options.

If they have beaten you to it, there are ways to bypass the passcode, but they require you to wipe the device. So be prepared for that, and probably plenty of other pain.

Number one lesson for today – whether or not you’ve been hijacked – if you own an Apple device: go to appleid.apple.com and change your Apple ID password immediately. Make it unique, not something you share with other services.

The Australian government’s Stay Smart Online initiative issued a clear warning on this today – seriously – don’t ignore this one ok.

 

Trevor produces two of the most popular technology podcasts in Australia, Your Tech Life and Two Blokes Talking Tech. He has a weekly radio show on 2UE, as well as appearances across the country and regularly provides Technology Commentary to Channel 9’s Today Show and A Current Affair. Father of three, he is often found down in his Man Cave.
4 Comments on this post.
  • Danielle Uskovic
    28 May 2014 at 11:37 am

    Thanks Trevor – this is the best article I have read, written on this new scam.

  • Doug
    31 May 2014 at 5:53 pm

    Thank you Trevor,
    But how will they get my password, and if I change it now, what is to stop them getting my new password and access again?
    Has there been a security breach?

    • Trevor Long
      31 May 2014 at 8:27 pm

      As I said above, it’s likely they got it through another hack at another company where you use the same login combination, or you have a simple crackable password.

      There has been NO security breach of Apple or Apple services.

      • Doug
        31 May 2014 at 10:28 pm

        Thanks Trevor, I shall pass on your valuable tip/link to family and friends
