A number of iOS device users in the United States and Europe have recently fallen victim to a scary ransom scam. Their device is placed into lost mode, and the scammers demand a payment – anywhere from $30 to $50 – to unlock their iPhone or iPad.
Compromised Apple IDs
The apparent ransom message.
Salted Hash, a security blog from CSO, recently provided more details about the scam.
Hackers first need to acquire a compromised Apple ID by phishing, social engineering, a data breach, or another method:
From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.
In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they’re told they have 12 hours to comply or their data will be deleted.
There are a number of outlets online where hackers can purchase compromised Apple IDs.
The blog also details sketchy rumors that 40 million iCloud accounts have been compromised, but that claim is highly suspect.
What you can do
Two-factor authentication can prevent the ransom attack.
The best way to protect against this kind of attack is to enable two-factor authentication for your Apple ID. There’s a comprehensive support document on Apple’s site that details the process.
With two-factor authentication, even if someone knows your password, your account can only be accessed on a trusted iPhone, iPad, or Mac.
If you feel that your Apple ID has been compromised, this document also provides some steps to take.