The iPhone Lock Scam: What It Is And How To Protect Yourself From It

Don't let hackers lock you out of your own phone


The Find My iPhone feature in iOS helps people find lost devices. It can make a lost phone play a sound or display a message. It can also lock the iPhone and remotely wipe its contents to prevent thieves from accessing its data. While this feature is beneficial, hackers and scammers can use it to extort money.

What Is The iPhone Lock Scam?

An iPhone Lock Scam is when a hacker gains access to your iCloud account, uses the Find My iPhone feature to remotely lock your device, and then extorts money from you to unlock it.

How Does The iPhone Lock Scam Work?

The scammer who compromises your iCloud account logs into the Find My iPhone website with your iCloud username and password. Then, they issue a remote lock command, which places the iPhone in lost mode, locks it with a 4-digit PIN, and displays a ransom message on the phone's lock screen. You're then told that if you pay the ransom, you'll get the code to unlock your phone.

How Do The iPhone Lock Scammers Find Victims?

Like other hackers, iPhone Lock scammers obtain a victim's login credentials and use them to access the account. Many hackers exploit the fact that people sometimes reuse the same login info on multiple accounts. Sometimes, scammers find victims via ransomware—a Trojan Horse-style malware that lets them hijack a person's device—or a key logger virus.

How Do I Avoid Getting Involved In This Scam?

There are a few proactive steps you can take to avoid ransomware-based cons like the Find My iPhone scam.

  • Avoid downloads from dubious sources. This includes links in emails, texts, and social media. Definitely don't run executable files from sites you don't trust.
  • Download anti-virus software for your mobile device and keep it updated.
  • Keep your OS and browser up-to-date.

I’m Already a Victim. What Should I Do?

If your phone is hijacked, don't pay the ransom. Contact Apple to regain control of your account. Follow its instructions on how to reset a locked device and restore its contents from the most recent backup. Then set a strong password, and consider using two-factor authentication if you're not already doing so.

For more information on the steps you can take to secure your iOS device, check out the Apple iOS Security Guide. This in-depth document provides details on the security settings available in iOS and what each one does.

How Do I Avoid Being Targeted For The iPhone Lock Scam?

This information applies to all currently supported versions of iOS.

Here's how you can avoid becoming a victim of the iPhone device lock ransom scam:

Create a Strong Password for Your iCloud Account

Hackers need a valid iCloud login and password to compromise an account, so it's crucial to choose a very strong iCloud password. Use a combination of uppercase letters, lowercase letters, numbers, and special characters. The longer and more random the password, the better. Creating a strong password is the best way to make sure your data is secure.

Enable a Passcode Lock on Your iPhone

Another way to keep hackers from locking you out of your device is to set a PIN passcode that locks your phone. The Find My iPhone app only allows a hacker to create a PIN to lock a device if the phone doesn't already have one. If you've enabled a device lock PIN, hackers can't replace it with one they can use to hold your device for ransom.

Use Apple's Optional Two-Factor Authentication

Another way to enhance security and prevent becoming a victim of the device lock ransom scam is to enable Apple's two-factor authentication. This feature requires an additional 4-digit code when logging in to make changes to your Apple ID, to make purchases via iTunes, and to use other Apple services. This code is sent through SMS or Find My iPhone and adds another layer of security to your account.