Protect Yourself From iPhone Device Lock Ransom Scams

Don't let hackers lock you out of your own phone

Find My iPhone


The "Find My iPhone" feature of iOS can be a great help to those who have lost their device. Whether you left it at a bar or it's just hiding under a couch cushion, you can use the Find My iPhone website to make your phone play a sound or display a message.

You can also lock your iPhone and remotely wipe its contents to prevent thieves from accessing any of the data on your phone. This is the feature that has garnered a lot of attention lately, because scammers are using it to attempt to extort money from users whose iCloud accounts have been compromised.

The information in this article covers all current versions of iOS.

About the Device Lock Ransom Scam

The hackers who compromise an iCloud account issue a remote lock command by logging into the Find My iPhone website with the victim's iCloud username and password.

After the hacker logs into the iCloud Find My iPhone website, he places the victim's iPhone in "lost mode," locks it with a four-digit PIN of his choosing and displays a message on the phone's lock screen with the ransom demand information. The victim is told (through a message on the lock screen) that if he or she pays the ransom, the hacker will share the code to unlock the phone.

Create a Strong Password for Your iCloud Account

Hackers need your iCloud login and password to pull off this scam. Many iPhone device lock ransom scams are perpetrated by hackers who have compromised their victim's iCloud account password.

Set a strong iCloud password. Use uppercase and lowercase letters, numbers, and special characters when you set your password. The longer and more random the password, the better. Creating a strong password is the best way to make sure your data is secure.

Enable a Passcode Lock on Your iPhone

Keep hackers from locking you out of your own device by setting a passcode for your phone.

The Find My iPhone app will only allow the hacker to create a PIN to lock the device if it doesn't have one already defined. If you already have a device lock PIN enabled, then they can't replace it with one that they want to use to hold your device for ransom.

Use Apple's Optional Two-Step Verification

Another step you can take to enhance security and avoid becoming a victim of the device lock ransom scam is to enable Apple's two-step verification. Activating this feature requires a four-digit code when you log in to make changes to your Apple ID. This code is sent by text message or through Find My iPhone and adds another layer of security to your account.

Check out Apple's two-step verification FAQ page for details on how the two-step verification process works and how to enable it.

What Should I Do If My iCloud Account Has Been Compromised?

Whatever you do, don't pay the ransom. Regain control of your account first and set a strong password, then follow Apple's instructions on how to reset your locked device and restore its contents from your most recent backup.

For more information on steps you can take to secure your iOS device, refer to Apple's iOS Security Guide. This in-depth document provides you with details on pretty much every single security setting available within iOS and tells you what each of them does.