iPad security

Larry
Senior Member
Posts: 2272
Joined: Wed Aug 01, 2007 8:42 am
Location: Gosford, NSW Australia

iPad security

Post by Larry »

I received an email from AVG virus protector, or someone purporting to
be them (and displaying their logo) telling me that iPhones and iPads are
being held at ransom by hackers demanding payment. So, they say, I should
change my Apple ID password immediately.
To do this, they tell me, I should go to: https://appleid.apple.com/
and follow the instructions.
When I go there, I have the option of answering a security question or
have an email sent to me. The security question is my birth date, but when
I key it in the message box tells me it does not match their records. So, I
click on the 'send email' option, and it tells me an email has been sent to
me. But no email arrives.
Apart from this, my iPad seems to be working fine.
My questions:
1. HTF would these hackers know my four digit PIN?
2. Are others having the same or similar experience with their iPad or iPhone?
3. Can someone other than an authorised group legally copy an AVG (or any other) internet logo?

Responses appreciated, regards...
Larry
fourthirty
Full Member
Posts: 763
Joined: Fri Dec 06, 2013 8:46 pm
Location: San Francisco

Re: iPad security

Post by fourthirty »

Hi Larry,

I have not received a similar message. However, this may be isolated to Australia:

http://www.smartcompany.com.au/technolo ... cking.html#

Another option to reset your Apple ID password is using iForgot:

https://iforgot.apple.com/password/verify/appleid

Greg
fourthirty
Full Member
Posts: 763
Joined: Fri Dec 06, 2013 8:46 pm
Location: San Francisco

Post by fourthirty »

Additionally, related to the subject of Apple IDs being hacked, below is a Wired magazine article that I stumbled upon a few weeks ago.

It is a year old now, so many of you may be familiar with the story. It details how a senior writer (Mat Honan) at Wired magazine was hacked, which ultimately led to his laptop being wiped (which resulted in him losing a year's worth of family photos). What fascinated me about this story was that the accounts were not hacked via brute force, but by social engineering tactics.

http://www.wired.com/gadgetlab/2012/08/ ... cking/all/

If you don't have time to read the article, a brief summary is below:

1. The hackers ultimately wanted to hijack the author's (Mat Honan) Twitter handle (@mat).
2. Hackers saw the Twitter account was linked to Mat's Gmail address (MatHonan@gmail.com).
3. They attempted to sign into his Gmail account by clicking "forgot password", and it stated a recovery email was sent to his recovery email address M******N@me.com (his Apple iCloud email account).
4. It wasn't hard to figure out that he used the same email prefix (MatHonan) for his iCloud (Mac) email address. Then comes the crazy part...
5. Hackers called Amazon on the phone, gave Amazon Mat's email address & wanted to "add" a credit card to the account. They gave Amazon a bogus credit card number which was added to the author's Amazon account.
6. Hackers called Amazon back, spoke with a different customer service agent, and were able to get login access to the account by verifying the email AND CREDIT CARD number (the bogus one they gave earlier).
7. Hackers now had access to Mat's Amazon account, and were able to see the author's REAL credit card on file (well, at least the last 4 digits, as Amazon displays the credit card on file as XXXX XXXX XXXX 1234).
8. Hackers called AppleCare, and using the last four digits of Mat's real credit card number, were able to get access to his Apple iCloud account and email. Apple used the email AND LAST FOUR DIGITS of a credit card to verify identity.
9. Hackers, using Apple's "find my iPhone" service, were able to remotely lock up and erase the author's iPhone and MacBook Pro (this was done to slow down the recovery).
10. Hackers then selected the "Lost Password" link on the original Gmail account, the recovery link was sent to the alternate account (Apple iCloud email which was hacked), and they now had access to Mat's Gmail account.

From this they were able to take over the author's Twitter account and post some hateful stuff on there.

Below are a couple of Mat's recommendations:

1. Although Mat was a technology writer at Wired, he did not back up his laptop data. As a result, he lost all the photos of the first year of his daughter's life. He eventually recovered the photos after spending $1,700 at a drive recovery facility in Novato, CA. His advice - back up your data!
2. Google had two-factor authentication at the time, but the author did not use it (where Google will text a six-digit code to your phone if it detects a login attempt on an unfamiliar computer). Had the author enabled this, the hackers would never have got the Apple email address. Yahoo! and Mac now have two-factor authentication.
3. If you use the same prefix for multiple email accounts (for example bob@gmail.com and bob@yahoo.com), use different passwords for the accounts.
4. Use a different, random email account as your "recovery" email, not one with the same prefix - for example bob@gmail.com to recover bob@yahoo.com account.
5. Don't link your accounts - require a separate sign-in for each.

Just thought I would pass on this info…

Greg
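
An added example (not part of the post above, and not from the Wired article): the recovery chain in the summary modelled as a dependency graph, so you can see which outcomes each recommendation actually cuts off. The rule names and the model are constructed for illustration; mapping a recommendation to the rules it disables is an assumption.

```python
# Each rule reads: holding everything in `needs` yields `gain`.
# Constructed model of the ten summarised steps; names are hypothetical.
RULES = [
    ("twitter_links_gmail", {"twitter_handle"}, "gmail_address"),
    ("gmail_hint_same_prefix", {"gmail_address"}, "icloud_address"),
    ("amazon_phone_support", {"gmail_address"}, "amazon_access"),
    ("amazon_shows_last4", {"amazon_access"}, "card_last4"),
    ("applecare_email_plus_last4", {"icloud_address", "card_last4"}, "icloud_access"),
    ("find_my_iphone", {"icloud_access"}, "device_wipe"),
    ("gmail_recovery_to_icloud", {"gmail_address", "icloud_access"}, "gmail_access"),
    ("twitter_reset_via_gmail", {"gmail_access"}, "twitter_access"),
]

def exposed(start, rules=RULES, disabled=()):
    """Fixed-point closure: everything obtainable starting from `start`."""
    held = set(start)
    changed = True
    while changed:
        changed = False
        for name, needs, gain in rules:
            if name not in disabled and gain not in held and needs <= held:
                held.add(gain)
                changed = True
    return held

def cut_by(disabled, start=("twitter_handle",)):
    """Outcomes that stop being reachable once the named rules are disabled."""
    return exposed(start) - exposed(start, disabled=disabled)

if __name__ == "__main__":
    # Assumption: recommendation 2 (two-factor) hides the recovery-address hint.
    print("hint hidden:", sorted(cut_by({"gmail_hint_same_prefix"})))
    # Assumption: recommendations 4/5 mean Gmail no longer recovers via iCloud.
    print("recovery unlinked:", sorted(cut_by({"gmail_recovery_to_icloud"})))
```

In this model, unlinking the recovery address protects Gmail and Twitter but leaves the device wipe reachable, which is why the backup advice stands on its own.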
pr1uk
Member
Posts: 220
Joined: Wed Apr 02, 2014 2:01 pm
Location: Strood, Kent. UK

Post by pr1uk »

Whenever you get an email that has a link on it then you know it's normally a scam. If you really wanted to change your password, log onto Apple as normal; never use 3rd hand links.
Bryan Whitby
Senior Member
Posts: 1003
Joined: Wed Feb 18, 2009 9:57 pm
Location: England

Post by Bryan Whitby »

Larry

On your iPad just touch the name of the person/company who sent the email and their real identity should be revealed.

Sounds like a load of bullshit to me, just delete it after seeing who really sent it.

Bryan
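
An added example (not part of any post in this thread): the two checks suggested above, "see who really sent it" and "don't trust links in the email", done on a raw message with Python's standard library. The sample message is constructed, and the brand-to-domain table is an assumption the reader would set for themselves.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this reader accepts for each brand named in a sender.
BRAND_DOMAINS = {"avg": {"avg.com"}, "apple": {"apple.com"}}

# Constructed sample message (not the email described in the thread).
SAMPLE = """\
From: "AVG Security Team" <alerts@avg-notice.example>
Subject: Change your Apple ID password
Content-Type: text/html

<p>Reset here: <a href="https://appleid.apple.com/">Apple ID</a> or
<a href="http://appleid.apple.com.reset.example/">https://appleid.apple.com/</a></p>
"""

class LinkHosts(HTMLParser):
    """Collects the host of every <a href>, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def under(host, domains):
    # Exact match or true subdomain; a plain substring test would be fooled.
    return any(host == d or host.endswith("." + d) for d in domains)

def review(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = [f"sender name claims {b} but address is at {sender}"
                for b, doms in BRAND_DOMAINS.items()
                if b in display.lower() and not under(sender, doms)]
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    trusted = set().union(*BRAND_DOMAINS.values())
    findings += [f"link goes to {h}" for h in parser.hosts if not under(h, trusted)]
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

The first link in the sample is genuine and passes; a message can point at the real Apple site and still come from a sender who is not who the display name says.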