UPDATE: the same person tried to do it again later yesterday afternoon on my iPad, asking for more money and through a Bitcoin this time. But, I had already locked, changed and closed everything so it didn’t work. Also, one of my readers messaged and said that the same code they sent to me worked for him and saved him $30.
This is advice from a reader named Charlie:
“Your Apple ID and password were stolen. Change your Apple ID password on another device; go to find my iPhone on that device; select the iPhone; select iPhone found. This will turn off the ransomware message and get things working again. DO NOT pay the ransom. If my solution or the code mentioned above does not work go to Apple Support. DO NOT pay the ransom.”
My iPhone was hijacked last night around midnight. I picked up my phone and it was locked with a message that said, “in order to unlock your phone, send an email to firstname.lastname@example.org”. After I sent the email, I realized that someone was holding my iPhone for ransom, a $30 ransom, which I needed to pay thru PayPal. This would then release the code to me that I would need to open my iPhone. The email message i received was this:
Your device is locked. To obtain the code unlock your device,
Pay 30$ PayPal account: email@example.com
After payment you will receive an unlock code immediately.
If within 12 hours of your payment is not received, we will have to erase your device.
I googled, ‘iPhone Hijacked’ and read every article I could find, my only choice, if I didn’t want to pay, was to completely wipe my phone. It was very late, Apple offices were closed and I could not get into my iCloud backups. I was stuck in quite a pickle for sure.
Even though all the sites said to not pay, I did. After reading other articles, $30 was getting off cheap. The email address came from Russia or Eastern Europe,
and I did receive that passcode to unlock my iPhone right away, as well as a confirmation email and another confirmation email with a smiley face. I suppose that is customer service at its finest among thieves.
Afterwards, I changed my gmail password twice, adding in characters, numbers, capital & lower case, as well as I changed my yahoo, my Apple ID, several times, and then added a passcode on phone, which I changed twice. Finally, because of this crazy intrusion, I also changed my banking information just in case as well.
Apparently if you already have an existing passcode on iPhone, this might not have happened, or if you use a two-step gmail verification. As a result of not having a passcode, they were able to hijack my iPhone using the ‘find my phone’ app. Consequently, I have since turned off this app on all of my devices, as well as my iCloud.
This is a lesson learned and luckily not a very expensive one. I’m passing on this info to warn others with iPhones:
- Be Aware, iPhone Hijacking is really happening and can happen to anyone
- Take extra precautions
- Update passwords
- Update security
- ADD PASS CODES