Today, the topic of iCloud account fraud is very popular. Thematic publications continually churn out the same type of stories about “the friend of the cousin’s brother-in-law’s brother-in-law” who almost lost her expensive iPhone due to her own absent-mindedness. The story that I want to tell you about happened to me personally, and therefore the reliability of the facts presented in it is one hundred percent.
What's happened?
This happened about a week ago, when I was working on creating another material for AppleInsider.ru, simultaneously checking information on the iPad. The resulting idyll was interrupted by the blocking of the tablet, accompanied by a very impudent signature “Lost iPad. Write to ***@gmail.com.” The first thing that came to my mind was that it had been hacked. But how? I have always treated my data with care and never left it in a visible place, which means that absolutely no one could know the password for my account. I will note in parentheses that I never managed to get to the bottom of the truth.
The first is that the iPad I sold a few months earlier might still have some information about my iCloud account, and the current owner decided to seize control of the new device as well. And although I am firmly confident that I have completed all the necessary manipulations to pre-sell the tablet, including formatting and logging out of the account, this particular version seems quite plausible to me.
Second: since I had the sin of using the same password on several sites - albeit a complex one - it could well have been “taken away” by attackers operating in the Android camp (yes, the author of AppleInsider.ru uses an Android smartphone). Read about how exactly this happens in the corresponding material on AndroidInsider.ru. Let me just say that the so-called ClickJacking has already ruined the lives of more than one thousand people. I could easily have been among these victims.
What to do?
At such moments, especially if you think that this could happen to anyone, but not to you, absolutely everything is forgotten. Even I, a person who knows well how to behave in such situations, felt catastrophically helpless. In a panic, I turned to our editor-in-chief, Renat Grishin, for help. It was he who recommended that you first try to regain access to the device yourself, and only then call Apple and sound the alarm. Luckily for me, everything turned out to be much simpler and faster. The device was locked to the previous Apple ID, and everything looked like someone's cruel joke.
- To get started, sign in to your iCloud account and launch Find My iPhone. It is quite possible that the attackers (as was the case in my case) did not have time or did not think of causing more trouble.
- Check the status of your device. In the absence of additional information about the “account,” he could simply be blocked without changing the binding. If you are “lucky”, you can unlock the device in the same section.
- Now set up two-factor authentication on your Apple ID if you haven't already. This identification method will make life more difficult for attackers and guarantees you additional peace of mind. For privacy reasons, it is recommended not to install more than two trusted devices.
- Repeat the same procedure with your email. If you use Gmail, you can do this using this link. Now, every time you log in from a third-party device, Google will send you a confirmation code, which attackers have virtually no chance of receiving.
- Change passwords wherever you can remember. No matter how simple and passable this advice may be, it can save you from being hacked. Don't use simple character sets like "qweasd11" or "asdfgh" and don't write them down on a piece of paper.
- Send the email address at which you were asked to contact the attackers to the address "" marked Phishing Attempt, if possible attaching a screenshot of the screen of the locked device.
If you were unable to restore access to the device on your own, we strongly do not recommend making contact with scammers, much less transferring money to them. Contact the Russian Apple representative office by phone, where they will definitely help you. Be prepared to provide the serial number of the device, as well as additional evidence that the device belongs to you.
Literally every day, as if from a cornucopia, we are bombarded with requests: “The Apple ID has been hacked, help...”. In 100% of cases, targeted hacking is accompanied by blocking of all devices connected to the Apple account, this could be an iPhone, iPad or Mac computer (“dinosaurs” like the iPod Touch are of no interest to anyone). For what purpose? Trite - ransom.
In order not to respond with standard phrases in comments, feedback or personal messages on the site, under the cut I will tell you what to do if your Apple ID is hacked.
Apple ID hacking has been put into practice - unscrupulous people take advantage of the careless attitude of the vast majority of iPhone and iPad owners towards the security of their personal data, and do not hesitate to make good money from it (unlocking an Apple ID with a connected iPhone costs 1000 rubles). We will tell you how they get hacked and how to protect yourself from it another time. Now we will solve the problem “after the fact.”
Why is Apple ID hacked?
The reasons may be “exotic”, but in 99% of cases they are banal:
- Lock your iPhone, iPad, and Mac computers into Lost Mode or completely erase them from iCloud.
- As a result, you will receive a monetary reward for unlocking your Apple ID and devices connected to it.
- Theft of personal data from iCloud cloud storage.
The majority of attackers do not care about your personal data stored in iCloud; they either turn on lost mode on iPhone, iPad and Mac computers, or erase them - if you can’t lock the device with a password (this happens if the victim’s device has Touch ID and a lock password enabled ).
How to find out if your Apple ID has been hacked?
There are 2 ways:
- A message from criminals after blocking your iPhone, iPad, or Mac computer is unexpected.
A message from Apple indicating that your Apple >
We will not consider the first case (there is no need), but the second is interesting.
Remember the scandal with hacking iCloud of celebrities and leaking intimate photos last year? After this, Apple introduced an e-mail notification feature when logging into iCloud from a web browser and in the Find My iPhone application, which cannot be disabled.
Check the notifications:
- On a Mac or Windows computer (or a tablet or smartphone), launch any web browser, such as Google Chrome.
- Go to https://icloud.com and log in (enter Apple >
An email with the subject line: “Your Apple ID was used to sign in to iCloud from a web browser” will be sent to the email address that matches your Apple ID.
As follows: “If you haven't signed in to iCloud recently and you think someone else may have accessed your account, you need to reset your password on the Apple ID page at https://appleid.apple.com. "
If you don't receive the message, check your email service's Spam folder and add the " [email protected] " address to your spam filter exceptions list.
If the message is not in your inbox or spam, clear your cookies and clear site data in your web browser:
- Google Chrome: "Settings -> Show advanced settings -> Content settings -> All cookies and site data -> Delete all."
Safari: "Settings -> Privacy -> Clear all website data."
So, if you received a notification that your Apple ID was used to sign in to iCloud from a web browser or the Find My iPhone app and it wasn’t you, your Apple ID has 100% been hacked.
It will take time for the attackers to change your Apple ID and confirm the changes, but they will do it faster than you can react and change your account password. Therefore there is 2 exit.
iPhone recovery mode
An iPhone can be restored if we know the device ID and password. Unlocking without this information will turn your working phone into a useless piece of hardware. We carefully follow the following steps one by one:
- Turn off iPhone
- Connect to the computer
- In the menu select “Recovery Mode”
- Turn on iTunes and click "OK"
- "Restore iPhone"
- We agree to check for updates if necessary
- Click “Restore and Update”
- Selecting the iOS version
- We confirm the license agreement
- We are waiting for the firmware to download.
Tip: to avoid error “3004” during iPhone recovery, close all browsers and make Internet Explorer the default browser and repeat the steps.
My Apple ID was hacked, what should I do?
Let's imagine for a moment that:
- Attackers have hacked your Apple ID.
- A corresponding notification has been sent to your primary email address (aka Apple ID) specified in your account settings.
- You tried to go into your Apple ID settings and change your password, but were unsuccessful - the ID and password were changed faster than you.
All that remains for you is:
- Wait for a message from the attackers demanding a ransom for Apple >
Inexperienced hackers leave a contact phone number, Skype, ICQ or other contact information where you can contact them and receive further instructions. Contact Apple support and provide your Apple password >
If you don't remember the answers to security questions, Apple support won't help you - they're not stupid there either. All that remains is to pay the ransom. Which?
“How much is opium for the people” or “price list” for unlocking Apple ID
They charge money for information about a new Apple ID and password.
In most cases, the price tag fits within the framework:
- 1000 rubles - with an iPhone connected to Apple ID;
- 2000 rubles with connected iPad;
- 3000 rubles for a Mac computer.
Prices are individual; if several Apple devices are connected to your Apple ID at once, bargain.
The thought that my personal data in iCloud (contacts, notes, photos, tasks and documents) has become someone else's property scares me more than activation blocking. Who knows how they will be used?! If you and I are similar in this regard, contact Apple support as soon as possible, or comply with the demands of the attackers - there is no other option.
Do you have any questions, additions or comments to the material presented? Write in the comments, in messages on the website and in feedback, we do not give personal consultations - there are many of you, and you can count us on the fingers of one hand.
In recent years, Apple has seriously tarnished its reputation - no one believes that the company is able to ensure the safety of users’ personal data. Apple ID hacks are happening with alarming frequency - fortunately, there are effective ways to deal with hackers.
What is the purpose of hacking an iPhone?
The reason for hacking Apple ID in 90% of cases is the thirst for profit. Returning to the celebrity story, let us clarify that the hackers did not just post intimate photos online – they sold them for cryptocurrency (bitcoins).
The personal information of an ordinary user is of no interest to scammers - no one needs it, and it will not be possible to sell it. Personal data is valuable only for the owner of the iPhone who has suffered from a hacker attack - it is he who the attackers are trying to “swindle” him out of money, using banal blackmail in the spirit of “pay or we will delete the information FOREVER.”
The purpose of hacking an Apple ID can be more “sublime” - for example, the desire of a jealous guy to find out the truth about his beloved. Such cases, however, are rare - “home hackers”, as a rule, are not competent enough to bypass the “defensive redoubts” of Apple cloud storage.
How do you know if your iPhone has been hacked?
The attackers themselves inform users that their Apple account has been hacked. If a request to pay for unlocking appears on the gadget’s screen, you can be sure: you have been “hacked”!
Most often, the message on the screen is written in Latin letters, but in Russian. For example, like this:
The message always contains a mailing address, which the user is asked to write to in order to receive instructions on unlocking the iPhone.
Another sign of “hacking” is the presence in the mail (the address of which coincides with the Apple ID ) of a letter notifying that iCloud accessed from a web browser using your authorization data.
The letter always contains information about the browser used to log in and the PC operating system. If a browser is mentioned that has never been on your computer, this is an obvious reason to sound the alarm.
Similar notifications are sent to your email after each visit to iCloud . If the real owner of the account logged into the “cloud” an Apple ID then he should send such a letter to the “Trash” the first time he checks the mailbox - so as not to get confused later and not miss the message about the threat.
Installing new firmware via DFU
A method that will reset all data to install new firmware. The problem is solved in DFU mode. For iPhones 6, we get to the menu by simultaneously pressing the “Home” and “Power” buttons for 10 seconds.
To use the function for iPhone 7, you need to follow these steps:
- Connecting the gadget to iTunes
- Press and hold the “Volume Down” + “Mute” buttons
- Hold it until the iPhone turns off
- Release the “Shutdown” button
- The DFU mode screen appears
- We agree to check for updates
- After the message that the device is in recovery mode, click “OK”
- We install the firmware by downloading it in advance.
What to do if your Apple ID is hacked?
The main mistake of an Apple equipment owner who has become a victim of hackers is panic . Due to the fact that the text of the message from the attackers contains the loud words “FOREVER”, “IRREVOLVABLE”, the user begins to be afraid and loses all ability to reason sensibly. And common sense must tell you: even if you pay, the data can be deleted !
Fraudsters do not give any guarantees that the iPhone will be unlocked after payment. The “swindle” of money can continue indefinitely : after transferring the initially agreed amount, the attackers will definitely demand more, because they will understand that they are dealing with a solvent citizen who, at the same time, does not really understand mobile technology.
Users of Apple electronics should be warned: you cannot pay hackers - this business is completely meaningless!
But how then can you regain access to your account? Experts advise taking the following steps to unlock your iPhone.
Password reset
You can reset your Apple account password at www.iforgot.apple.com. Proceed like this:
Step 1 . On the start page, enter the Apple ID (which you want to unlock) and enter the captcha.
Then click Continue.
Step 2 . On the next page, select the “I want to reset my password” option and click “Continue” again.
Step 3 . Next, decide on a password reset method. There are only two options : via e-mail or by answering security questions.
There is no objectively simpler method : each user has his own opinion about the convenience of both options. We prefer “Receive message by e-mail”.
Step 4 . After you click Continue, you will see this message:
Open your mailbox and look for an email from Apple. The content of the letter will be something like this:
Click on the “Reset Password” link.
Step 5 . Set a new Apple ID (according to company requirements) and click on the “Reset Password” button.
You can't set a password that has already been used for that Apple ID within the last year.
If the password reset procedure is successfully completed, the following message will appear on the PC screen:
After receiving a new password for your account, go to www.icloud.com and deactivate “Lost Mode”. After this, you will be able to use your iPhone again.
Is it worth going through such radical methods if you just forgot your password?
Of course no. The best solution would be to try to restore the mailbox, and if this fails, write to the company’s support and explain the current situation. This is especially true for those whose accounts have been hacked: the correct thing to do would be to report this to Apple, and also note the very important information that it was your iCloud that was hacked.
How to protect your iPhone from hacking?
The most effective way to protect your iPhone from hacking is to set up two-factor authentication . The essence of two-factor authentication is that the user cannot make changes to Apple ID , as well as make purchases in the AppStore and iTunes Store the verified for each operation . This method of protection has long been successfully used by American, European and Australian users of Apple technology.
Two-factor authentication and two-step verification are different security measures. Apple's website claims that two-factor authentication uses different, more modern methods to verify verified devices and issue 4-digit codes.
You can set up two-factor authentication on the Manage Apple ID . Log in, then in the “Security” block, find the “Two-factor authentication” section and click “Configure”.
A window will appear that briefly explains what two-factor authentication . Click on “Continue”.
Next, you will see instructions on how to activate two-factor authentication through the “Settings” of the iPhone and through the “System Preferences” of the Mac.
Two-factor authentication is only enabled on mobile devices running iOS 9 and above . If your iPhone has a less modern OS, you'll have to resort to "legacy" two-step verification. You can activate this security measure on the page www.appleid.apple.com/account/manage/2sv, in the “Security” block.
You can only enable two-step verification 3 days after significant changes have been made to your account information—Apple explains this limitation for security reasons. In our example (in the figure above), the company recommends returning to activating two-step verification on March 1, because at about 3 o'clock in the afternoon on February 26, we changed our Apple ID .
Setting up two-factor authentication is not the only measure to prevent hacking of a mobile device . Experts also advise users to set complex passwords. Apple's password requirements are strict, but as history shows, they are still not strict enough. It is better for Apple account owners to use the most random combinations of characters : the password should not include any memorable dates, initials, or dog names - otherwise it cannot be considered reliable.
Tip: Exclude payment information from your account information. If you still fail to protect your iPhone from being hacked, at least you won’t have to worry about your bank card balance.
Remote iCloud service
The recovery method is in many ways similar to the previous one. You can unlock your gadget remotely. If you are in another city or country, you can restore your iPhone if the “Find iPhone” function was previously enabled. To do this, we perform several steps:
- Go to iСloud.com
- Enter Apple ID
- Select the desired device in the “All devices” section
- Click “Erase iPhone”.
The information from the iPhone will be deleted and the phone will be unlocked. This method is limited in that it requires a Wi-Fi connection and device ID data.
Sources used:
- https://tarifkin.ru/mobilnye-sovety/kak-obojti-parol-na-ajfone
- https://geekon.media/kak-vzlomat-razblokirovat-iphone-instrukcija/
