Several iPhone users say their phones have been hijacked by extortionists who’ve managed to ‘hack’ the Find My iPhone security tool.
The victims have discovered that the tool — which is meant to be used by phone owners if their handset is lost or stolen — has been activated and their phone locked. They’ve then seen an on-screen message saying the phone has been hacked and demanding a PayPal payment of either $50 or $100.
It appears most of the victims are in Australia, though a few are from other countries. Early theories that all the victims were using the same cellphone carrier or the same ISP don’t appear to be the case.
While precise details vary in each report, it appears that once the message has been sent, the user can simply unlock the phone by typing in their four digit passcode. Those who don’t use a passcode can only resort to carrying out a factory restore. PayPal has said it will refund anyone who made a payment to the scammers.
How the scammers were able to pull this off isn’t yet clear, creating speculation they may have got their hands on a list of iCloud user names and passwords. It’s also possible the scammers were using a stolen database from another site or service and have successfully targeted people who use the same password on multiple sites. Several victims who’ve posted about the iPhone issue have said they reuse log-in details, though there’s no common link established yet about which site might be the source.
To add to the confusion, some opportunistic phishing scammer has begun sending out e-mails that appear to be from Apple and tell the recipient their Apple ID has been disabled. The e-mail then asks the user to click a link to confirm their details.