Authorities in Singapore are warning residents of a new ransom scam targeting iPhone users in the area.
Ransomware and similar attacks are nothing new, but this particularly scam involves some devious social engineering techniques to gain access to iOS devices.
‘Beta Testing’ Scam
According to Channel News Asia, the scam kicks off with an attacker contacting a potential victim using Facebook or another social media platform. They then offer the victim a lucrative “job” as a video game tester.
As you can imagine, getting paid to play games would be an enticing offer, particularly for younger iPhone users.
After the scammers hook someone, they instruct the victim to log into a specific Apple ID that they provide. Presumably, this involves getting a user to log out of their own accounts and telling them that this is some type of special beta testing account.
Once a victim logs in, the victim’s iPhone will appear on the attacker’s Find My iPhone account. That means the scammer can remotely activate Lost Mode and then demand a ransom to unlock it.
How to Protect Yourself
While this scam appears to be targeting users in Singapore, fraudsters may very well use similar techniques against iPhone users in other parts of the world.
As mentioned earlier, ransom attacks are fairly common — and they’ve targeted Apple users in the past. But they normally rely on phishing a user’s Apple ID and login credentials. This can be easily mitigated by familiarizing yourself with phishing techniques and enabling two-factor authentication.
This new scam method, however, works a bit differently. An attacker doesn’t even need the user’s Apple ID email address if they can simply get the user to log into an account that they can already access.
There isn’t a software-based mitigation for this type of scam. Enabling 2FA, for example, wouldn’t stop it.
The only way to stop this attack is to avoid logging into an Apple ID that a random person gives you.
And while it may seem obvious to you that you shouldn’t log into a strange Apple ID on your own device, the scam appears to be targeting younger users who might not know that. If you have kids with iOS devices, make sure to keep an eye on who they’re talking to and let them know not to fall for this scam.
In the unlikely event that you’ve been locked out of your device, you should contact Apple Support at this link.
This article was originally posted here