Latest iPhone and iPad Phishing scam

(Jennifer Abel @ ConsumerAffairs) Since this is a consumer website rather than an etiquette-advice column, we frequently remind everyone that when dealing with businesses in the modern interconnected era, you must always take the otherwise-rude attitude “Don't call me; I'll call you.”

For example: if you have, or think you might have, a problem with [pick one or more]: your bank, Netflix, Microsoft, Amazon, eBay, PayPal, electric company or any other account, you should definitely contact your bank or whoever, to see about fixing that problem.

But if everything seems fine and then suddenly, out of the blue, you get a text, phone call, email or any other message saying “Hi, this is your bank or Netflix or whoever, telling you there's a huge problem with your account so you need to give us some verification information right away” — don't believe it. Chances are that unsolicited message is actually from a scam artist posing as a legitimate business entity in hope of tricking you into handing over confidential information.

That said: if you're the worrywart type who simply can't ignore such a message, just in case there really is a problem, feel free to contact the company in question; just don't use the contact information you received in that unsolicited message. Go online (or even look in an old-fashioned phone book, if you want to contact the local electric company) and seek out the contact information yourself.

Worse than usual

All such scams are awful, especially from the victims' perspective, but the most recent one is even worse than usual: not just a phishing scam, but one targeting those already victimized by a previous scam! So far it's mainly been affecting people in Australia and New Zealand – but it has recently made it to America, and it's spreading.

The initial scam involves iPhone or iPad users being “locked out” of their devices after a scammer figured out how to hack the otherwise-useful “Find My iPhone” feature: try using your device and you are only able to access your email, where you find a note ordering you to put $100 into the scammer's PayPal account if you want the device unlocked.

That particular ransom email is “legitimate” – so much as any criminal ransom note can be “legitimate” – in that it actually is from the hacker himself.

A mere two days later, on May 29, security bloggers at Symantec warned of scammy phishing emails, allegedly from Apple, purporting to protect iFolks from being ransomed out of their iStuff.

The emails claim that the victims' iCloud infrastructure had been breached, so you have to change your password right now.

Of course, if you are foolish enough to fall for it, what actually happens is that you give your password to a scammer, who can then use it to break into your iThing and then do pretty much whatever he wants—anything from lock you out of it, to stealing or corrupting any files within.

Some of the subject headings in those sleazy emails included:

Please update your Apple account now

Apple – Your Account Is Not Confirmed

Please Verify Account Information For Your Apple ID

please verify the email address associated with your Apple ID

Incidentally, such language is hardly unique to this Apple-flavored phishing attempt; phishers pretending to be from Netflix, your bank or any other company often use the same phrasing. The whole idea, from the scammers' perspective, is to sound scary and ominous enough to override your usual sense of anti-scam skepticism.