Safeguard your Apple ID the way you would look after the key to your home. If it were to get stolen, your iPhone could be held hostage for ransom.
In a hacker conference, a Palo Alto Networks researcher reveals that there’s an underground economy thriving on stolen, abused, and manufactured Apple IDs. This shouldn’t come as a surprise since they can easily be exploited to squeeze money out of their owners.
Why Crooks Set Their Sights on Apple IDs
A hacker that gets a hold of your Apple ID can exploit it in a myriad of ways. From artificially pumping positive user ratings to boost the ranking of suspicious apps in the App Store to locking users out of their devices in exchange for ransom, it’s scary thinking about how vulnerable you’d be having yours stolen.
”Apple IDs are used with too many services,” Claud Xiao, the Palo Alto Networks researcher, says at the conference. True enough, there are more than 20 different Apple services you can access using your Apple ID―Apple Music, iCloud, App Store, iMessage, Find My iPhone, Mac App Store, and Apple Online Store just to name a few. Each one of those can be abused for profit in various ways.
The Nastiest Scam Involving Stolen Apple IDs
Although having your Apple ID stolen may do you enough harm already, some cyber felons take it up a notch. One of the most frightening cases we have heard involving stolen Apple IDs? Scammers using such piece of information to lock legit owners out of their device. The crook resets the password, activates the Find My iPhone lock, and subsequently forces legitimate users to pay for ransom.
The whole incident feels like having your iPhone held hostage even though your device never left your sights at all.
Phishing Apple IDs Off Your Pocket
Of course, online crooks don’t just magically take away your Apple ID. Most typically have to resort to deception to get their hands on your prized Apple possession.
There’s the usual suspect―phishing. Phishing scams are often used by cybercriminals to neutralize the Activation Lock on stolen Apple devices. They’ll often target legit Apple users by telling them their lost device has been found and that they’ll have to log in remotely with their Apple IDs.
They’ll often send these phishing messages via SMS or email. These notifications, mind you, have been carefully curated to look legit to the untrained eye so average users will be fooled into giving away their Apple IDs. They often ask you to confirm your Apple ID by clicking on links that will then lead you to Apple-sounding websites. Examples we’ve seen so far are support-appleid.com and mysecureicloud.com.
Some crooks even go as far as make phone calls using known Apple support lines and pretending to be brand front liners. They’d often direct unlucky victims to a phishing site where they can steal passwords and IDs.
Cyber felons even employ malware to steal Apple IDs. Mr. Xiao, in fact, presented about three iOS malware families that have been designed to steal Apple IDs in a massive scale in the past two years. He also shared that because most users reuse email addresses and passwords for various online accounts, any massive breach (last year’s Yahoo database hack, for example) could potentially compromise Apple IDs.
Protecting Your Apple ID Today
Apple may be busy keeping your accounts/device safe, but this doesn’t mean you can be complacent about security. Do your part in protecting your Apple ID with these tips:
Strengthen Your Password
Your first line of defense against criminal elements is your password. It only stands to reason that it’d be made strong enough to withstand brute force attacks. To start with, never use a password you have used before or currently use for other online accounts. It’s guaranteed that your Apple ID would be highly susceptible in the event that such password will be compromised. Try not to use a character three times in a row or use spaces, too.
Do you feel like you need a hand in making strong passwords that are fairly easy to memorize? Use the best password managers as they can formulate and store formidable combinations so you don’t even need to rack your brains remembering passwords every time!
Enable Two-Factor Authentication
Don’t make it easy for scammers who have maliciously acquired your Apple ID. Give your ID another layer of security with Two-Factor Authentication. It basically prevents unauthorized sign-in and alerts you on another Apple device whenever your credentials are used to sign into another.
By default, you need two crucial pieces of information when you log in with your Apple ID on a new iPhone, iPad, or Mac. That’s the six-digit authentication code and your password. The former is typically sent to one of your previously trusted devices like your iPhone, for instance. This means that you need to have such gadgets at the ready when you log in on a new Mac or iPad.
To enable this security measure, navigate to iCloud Settings > Password & Security. Afterward, turn on Two-Factor Authentication. Keep in mind that you need to verify one trusted phone number to set up the security feature. Apple Support may not be able to help you hasten the process in case you forget your password during login, too. The only option you’re left with in such circumstances is to request account recovery.
It’s definitely an excellent way to foil any plans of stealing your Apple ID.
All a cyber criminal ever needs is to get hold of your Apple ID and he could be robbing you clean. Fortify your defenses and your vigilance could very well keep your accounts and pockets intact.