Beware iPhone Phishing Scams in Wake of iOS Lockouts

Scammers may try to take advantage of the current wave of iPhone "ransom" lockouts by sending out password-reset emails that pretend to come from Apple, experts warn.

Unfortunately, anyone who falls for such phishing emails will only be at greater risk of having an iPhone, iPad or iPod touch held for ransom, or an Apple account hijacked.

MORE: Apple's Find My iPhone Used to Hold Devices Hostage

"Symantec is cautioning users to be skeptical of emails claiming to be from Apple," Symantec security-response manager Satman Narang wrote in a company blog post that offers tips for recognizing Apple phishing scams. 

"This event [the iOS ransoms] presents scammers with more credibility when attempting to phish for Apple IDs," Narang added, "especially now that many users are concerned about the safety and security of their Apple IDs and devices."

Earlier this week, many iPhone and iPad users in Australia and New Zealand discovered that someone calling himself "Oleg Pliss" had remotely activated Apple's Find My iPhone anti-theft feature and used it to set a screen lock.

The hacker — the real Oleg Pliss lives in California and is not involved — demanded $100 to unlock the screen. Instances of "Oleg Pliss" iPhone hijacks have since popped up in Britain and the United States.

In a statement to media outlets, Apple said "iCloud was not compromised during this incident" and that "impacted users should change their Apple ID password[s] as soon as possible."

You'll want to keep a sharp eye out for possible phishing emails that pretend to come from Apple and ask for your Apple ID usernames, passwords and other information. Such official-seeming emails would actually come from cybercriminals.

A hacker could remotely lock your iOS device, or take over your Apple account, with your login credentials. Be skeptical of any emails from Apple that appear in your inbox, especially if the return email address, or the message itself, seem a little off by containing misspellings or shaky grammar.

There are no confirmed reports of phishing being used in iOS ransom cases, according to Mountain View, California-based Symantec, but it's a likely means of attack.

It's not clear how "Oleg Pliss" hijacked the phones. In any case, a "hard" reset that restores the iDevice's original settings will fix the problem.

What would Apple phishing emails look like?

A perfect phishing email would look just like an official email, but luckily, that's rarely, if ever, the case. A phishing email will first establish a false pretense for contacting you, usually claiming that your account needs to be updated, confirmed or verified.

A phishing email may also try more overt scare tactics, telling you your account has been compromised or hacked — as in the iPhone ransom cases. It may also offer you a means of protecting yourself from a real-world threat.

Check the email address from which the message was sent. If you're lucky, the scammers will have made an obvious mistake, as with the recent "Amazoon" phishing scam. If not, then compare the message to previous emails from that company.

A phishing email will often include a link to a webpage where you can "resolve" whatever issue the email claims you have. Don't click on the link, as the page it leads to may contain embedded malware.

If you think the account in question may really have a problem, you should type that account's webpage into your browser yourself, instead of following a link.

If you do click on the phishing link, you'll land on a page that, like the email message, looks official. But again, you'll probably see something off in the URL if you look closely.

Phishing pages often contain text boxes in which you'll be asked to enter your login credentials — in Apple's case, your Apple ID and password. In doing so, you'll be handing over your login credentials. 

Email or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

  • dro2
    If you don't have 2FA turned on you're an idiot and deserve everything you get. That applies to anything online.
  • rantoc
    If people are so stupid that they fall for this they deserve it - All tho i think its a bigger chance in the case of an regular Apple user who think their safe after years of Apple brainwashing them into believing their products are invulnerable.
  • MalcolmTucker
    It will be interesting when Apple centralizes power related to in-car entertainment, home and car security. It will become a large target; likely a bigger target than Microsoft ever was.

    Microsoft platforms are used to collect and manage data, often corporate records, which can be reassembled, or recreated if they dissappear. But if Apple starts creating platforms for home automation, and security, and develop devices to manage physical things, It's not difficult to imagine it will attract much more attention of hackers because of the typical, and wealthier demographics of the usual Apple customer.
  • house70
    If people are so stupid that they fall for this they deserve it - All tho i think its a bigger chance in the case of an regular Apple user who think their safe after years of Apple brainwashing them into believing their products are invulnerable.

    It's amazing how years of hearing a lie has turned all these people from common sense. Apple (and it's products) is not different from any other tech in existence. Anything that is man-made can be man-undone (so to speak).
  • Polu3
    Here is an article about which steps you should take to protect yourself from phishing attacks. There are mentioned 3 easy steps, which can save your money and personal information.