Today we have poured much of our lives into dozens of digital platforms. Protected with username and password, they contain an important amount of information about us . Information that often gives access to credit cards, physical addresses and other sensitive data.
For Apple users, the Apple ID is the account that holds everything related to the devices, services and payment cards we use with the company. This is why it has become a target for hacker attacks. Let’s take a look at the most common ways they try to access our Apple ID and how to protect ourselves from these attacks.
Common methods used by hackers to access an Apple ID
It is important to clarify that to access an Apple ID two things are necessary : the email you use to log in and the password. There are two main ways to obtain this data, they are as follows:
- By hacking other companies and online services: Hacking large and small companies is becoming more and more frequent. And with them, hackers are getting hold of the emails and passwords of millions of users. Emails and passwords that many reuse elsewhere, such as their Apple ID.
- Through social engineering techniques: a sophisticated way of saying that it is they who are cheating you, often by impersonating an Apple employee or through communication that is supposed to be from the company.
To protect yourself from the first one, it is essential that you use different passwords for each online service you sign up for. Reusing passwords on different sites is a sure recipe for disaster . As soon as one of those sites is hacked, the rest of the sites using that combination of email and password are compromised.
Re-using passwords in different online services is a safe recipe for disaster
Creating and memorizing passwords is a tedious task, but one that ensures we are protected. Many sites now require a certain number of characters, uppercase, lowercase, numbers and symbols to accept a registration. So it is more convenient to use password generators like the iCloud keychain integrated into Safari or password managers like 1Password.
How do you know if your email has been compromised in any hacking? For this, we recommend the Have I been pwned? website, which checks any email entered in its form for the theft of credentials that have been made public . This way you’ll know if your email is listed and where you have to change your passwords, but beware, not all hacking has been made public.
Social Engineering and Apple ID: How to Protect Yourself
As for social engineering, hackers have more or less elaborate methods to take control of your Apple ID . The most common methods are:
- Email that claims to be from Apple and sends a link to check any data as a pretext. When you click on the link, you are redirected to a website under their control where you are asked to enter email and password. As soon as you do this, you’re giving the hackers the keys to your Apple ID.
- If your device has been lost or stolen and you have blocked it with Find My iPhone, the same thieves can call you pretending to be an Apple employee. They will ask you for your Apple ID password under the pretext of being able to give it back to you, but by doing so you will be allowing them to unlock it and sell it later.
- Through an automatic phone call in which they claim to have detected some unusual activity on your account and request that you call them back. A very recent method in which they also tell you not to use your computer or Google before contacting them, probably so that you don’t realize they are hackers.
- Requesting access to your Apple ID from a new device when you have two-factor authentication enabled. Just know that any unauthorized login attempt by us will be a hack attempt, especially if it comes from a remote location as it happened to me a few days ago. From China, no less (see image above).
- Intercepting your communications over an unsecured Wi-Fi network. Public networks are unprotected from people who know how to see the traffic moving on them. Don’t connect to them unless necessary, and in that case, try to do so through a VPN. It’s not a panacea, but it does help mask your information.
Qué hacer si tu iPhone o iPad ha sido robado.
SMS with identical excuses and intentions. A link to one of their websites for you to enter your data and thus steal your Apple ID.
Here it is important to note that Apple will not contact you by any means (email, SMS or phone), unless you have contacted them before for some reason (repair, purchase, questions). However, never give out your credentials by phone or SMS and never access your Apple ID from a link provided by a third party.
Apple will never contact you if you have not previously done so and in no case will ask for your Apple ID password
It is also highly recommended that you enable two-factor authentication to enhance the security of your Apple ID. Please note that if a hacker gains access to your Apple ID, they have access to emails, messages, photos, calendar, contacts, backups and devices. A common way to get money from your victims is by blocking access to the Apple ID and the devices themselves and then requesting a ransom to unblock them.
A technique that is known as ransomware and that is proliferating in recent months. A recent example is one that requests access to your Dropbox and then uses your documents as hostages.