Skip to main content

Beware iPhone Phishing Scams in Wake of iOS Lockouts

Scammers may try to take advantage of the current wave of iPhone "ransom" lockouts by sending out password-reset emails that pretend to come from Apple, experts warn.

Unfortunately, anyone who falls for such phishing emails will only be at greater risk of having an iPhone, iPad or iPod touch held for ransom, or an Apple account hijacked.

MORE: Apple's Find My iPhone Used to Hold Devices Hostage

"Symantec is cautioning users to be skeptical of emails claiming to be from Apple," Symantec security-response manager Satman Narang wrote in a company blog post that offers tips for recognizing Apple phishing scams. 

"This event [the iOS ransoms] presents scammers with more credibility when attempting to phish for Apple IDs," Narang added, "especially now that many users are concerned about the safety and security of their Apple IDs and devices."

Earlier this week, many iPhone and iPad users in Australia and New Zealand discovered that someone calling himself "Oleg Pliss" had remotely activated Apple's Find My iPhone anti-theft feature and used it to set a screen lock.

The hacker — the real Oleg Pliss lives in California and is not involved — demanded $100 to unlock the screen. Instances of "Oleg Pliss" iPhone hijacks have since popped up in Britain and the United States.

In a statement to media outlets, Apple said "iCloud was not compromised during this incident" and that "impacted users should change their Apple ID password[s] as soon as possible."

You'll want to keep a sharp eye out for possible phishing emails that pretend to come from Apple and ask for your Apple ID usernames, passwords and other information. Such official-seeming emails would actually come from cybercriminals.

A hacker could remotely lock your iOS device, or take over your Apple account, with your login credentials. Be skeptical of any emails from Apple that appear in your inbox, especially if the return email address, or the message itself, seem a little off by containing misspellings or shaky grammar.

There are no confirmed reports of phishing being used in iOS ransom cases, according to Mountain View, California-based Symantec, but it's a likely means of attack.

It's not clear how "Oleg Pliss" hijacked the phones. In any case, a "hard" reset that restores the iDevice's original settings will fix the problem.

What would Apple phishing emails look like?

A perfect phishing email would look just like an official email, but luckily, that's rarely, if ever, the case. A phishing email will first establish a false pretense for contacting you, usually claiming that your account needs to be updated, confirmed or verified.

A phishing email may also try more overt scare tactics, telling you your account has been compromised or hacked — as in the iPhone ransom cases. It may also offer you a means of protecting yourself from a real-world threat.

Check the email address from which the message was sent. If you're lucky, the scammers will have made an obvious mistake, as with the recent "Amazoon" phishing scam. If not, then compare the message to previous emails from that company.

A phishing email will often include a link to a webpage where you can "resolve" whatever issue the email claims you have. Don't click on the link, as the page it leads to may contain embedded malware.

If you think the account in question may really have a problem, you should type that account's webpage into your browser yourself, instead of following a link.

If you do click on the phishing link, you'll land on a page that, like the email message, looks official. But again, you'll probably see something off in the URL if you look closely.

Phishing pages often contain text boxes in which you'll be asked to enter your login credentials — in Apple's case, your Apple ID and password. In doing so, you'll be handing over your login credentials. 

Email jscharr@tomsguide.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.