The Find My iPhone setting is meant to help you recover a lost phone without letting anyone steal your data, but it could also create another entryway for scammers to mess with you.
If you’re missing your phone and have Find My iPhone turned on, you can log on to your iCloud account from any device to find a map of where your iPhone is. While you’re online, you can also put your phone on Lost Mode to send a message and phone number where you can be reached to whomever has your phone. So if someone sees a phone with a message like “Please call me to return my phone. (555) 123-4567,” that person will know how to reach you. Find out some other sure signs you’re about to be hacked.
Here’s where the trouble comes in: If your phone or computer doesn’t already have a passcode, you can create one while you’re fiddling with Lost Mode. That’s great if your easy-to-access phone or laptop is in a stranger’s hands, but not if someone else sets it for you. See, anyone who has your iCloud username and password can create a new PIN for your phone, even when it’s still in your pocket—especially if you use these easy-to-hack password recovery questions.
Recently, Mac users have complained that hackers locked them out of their own laptops. The scammers hold the computer ransom, asking you to send money before they unlock the device. Don’t miss this other super creepy way hackers use your laptop camera.
— Jovan Cabrera (@bunandsomesauce) September 16, 2017
Even more concerning, though, is how easy it is for someone to erase your device remotely via your iCloud account. Right next to Lost Mode is the Delete option, which is just what it sounds like. A hacker can remotely delete everything on your phone or computer with the push of a button. Don’t miss these other 10 phone scams that can steal your money.
Apple assures you that you can restore the information if you find your device later—but only you turned on iCloud Backup on your phone (and it isn’t full) or backed up your Mac with a Time Machine drive. We’re not sure how deleting your information is useful unless you have any enemies, but it’s unnerving nonetheless.
You’d think getting access to your iCloud would take a lot of guess-and-checking from a hacker, but it’s actually not as hard as it sounds. MacRumors guesses scammers find passwords through another app or site, then pair them up with the associated email address. So if you sign in to your iCloud with the same password you use on another site that got breached, you’re making it easy for scammers to weasel their way in.
The likelihood of needing to track a lost phone seems like a bigger issue than the slight chance of getting hacked, but this scam is just one more reminder to be careful with your passwords. Never repeat a password—especially not one for something as sensitive as your iCloud—and make sure each one is strong. Download a password manager to keep track of all of them, and rest easy knowing you’ll be a tough nut to breach. If you need help creating a strong password, try this website that makes foolproof passwords.
If a scammer does lock you out of your own phone, don’t freak out and send the money. Just stop into an Apple store, where employees can help you for free—no ransom money required. Next, learn the 20 cyber security secrets hackers don’t want you to know.