Protect Yourself From iPhone Device Lock Ransom Scams

Don't let hackers lock you out of your own phone


The 'Find My iPhone' feature of iOS can be a great help to those who have lost their device. Whether you left it at a bar or it's just hiding under a couch cushion, you can use the Find My iPhone website to make your phone play a sound or display a message.

You can also lock your iPhone and remotely wipe its contents to prevent thieves from accessing any of the data on your phone. This is precisely the feature that has garnered a lot of attention lately, because hackers and scammers are using it to attempt to extort money from users whose iCloud accounts have been compromised.

Scammers or hackers who compromise an iCloud account can simply issue a remote lock command by logging into the Find My iPhone website with the victim's iCloud username and password.

After the hacker or scammer logs into the iCloud Find My iPhone website, they can place the victim's iPhone in "lost mode", lock it with a 4-digit PIN of their choosing, and display a message on the phone's lock screen with the ransom demand. The victim is told (via the message on the lock screen) that if they pay the ransom, they will be given the code to unlock their phone.

How Can You Avoid Becoming a Victim of the iPhone Device Lock Ransom Scam?

Create a Strong Password For Your iCloud Account

Hackers need a valid iCloud login and password in order to pull off this scam.

It appears that the current batch of iPhone device lock ransom scams is being perpetrated by hackers who have simply compromised their victims' iCloud account passwords.

It's crucial that your iCloud password be a very strong one. Make sure to use letters, numbers, uppercase, lowercase, and special characters when creating your password. The longer and more random the password, the better. Check out our article on How to Create a Strong Password for some additional guidance on password construction.

Enable a Passcode Lock on Your iPhone

Another way to keep hackers from locking you out of your own device is to set a PIN passcode for locking your phone.

The Find My iPhone app will apparently only allow the hacker to create a PIN to lock the device if it doesn't already have one defined. If you already have a device lock PIN enabled, then they can't replace it with one that they want to use to hold your device for ransom.

Use Apple's Optional Two-step Verification

Another step you can take to enhance security and avoid becoming a victim of the Device Lock Ransom Scam is to enable Apple's Two-step Verification. Enabling this feature will require a 4-digit code to be entered when attempting to log in to make changes to your Apple ID, to make purchases via iTunes, etc. This code is sent via SMS and/or Find My iPhone and adds another layer of security to your account.

Check out Apple's Two-step Verification FAQ page for details on how the Two-step Verification process works and how to enable it.

What Should I Do If My iCloud Account Has Been Compromised?

Whatever you do, don't pay the ransom. Regain control of your account first and set a strong password, then follow Apple's instructions on how to reset your locked device and restore its contents from your most recent backup.

For more information on steps you can take to secure your iOS device, check out Apple's iOS Security Guide. This in-depth document provides you with details on pretty much every single security setting available within iOS and tells you what each of them does.