If you haven’t noticed yet, Apple has released iOS 10.3 for the iPhone. Among its fixes is one for a Safari flaw that let a web page display a JavaScript popup box and re-display it in a continuous loop, effectively locking up the browser. The flaw was found by the security company Lookout and reported to Apple for a fix. Since the patch was released, details have surfaced about how that hole was, and on devices that have not yet updated still is, being used by attackers to trick victims out of money.
Within Safari, once a victim lands on one of the attackers’ pages, a popup appears accusing the victim of accessing illegal pornography or pirated music. The message claims that all data on the phone is locked and will not be unlocked unless the code for an iTunes gift card worth approximately $125 is texted to a specific mobile phone number. Tapping the “OK” button does not dismiss the dialog; it simply reappears, over and over.
Although the popup is dressed up to look like ransomware, it is fake. Nothing on the device is actually encrypted or locked; only Safari is stuck. The attackers are relying on scareware, hoping victims pay before they realize that all they have to do to clear the dialog box is clear Safari’s browsing data (Settings > Safari > Clear History and Website Data), which discards the looping page along with the rest of the cache.
Many think that Apple devices are safer than those running other operating systems. This ploy shows that nothing is immune to cyber trickery or scams. Whatever operating system a device runs, keep it up to date with the most recent patches and software versions; in this case, a phone still on an earlier iOS release remains exposed to the popup loop.
In addition, use caution when browsing the Internet. It’s very easy to mistype a URL and end up on the wrong page. Cyber thieves count on this and register domains that differ from popular sites by as little as one character, so that a slip of the thumb lands people on a rogue page. This is called typosquatting (it is sometimes loosely called domain jacking, although that term more properly describes taking over someone else’s existing domain). If you are typing an address by hand, review it before hitting the “return” key.
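The one-character-off trick described above can be checked for mechanically. The following is an added example, not code from the article or from Lookout: a small Python script that flags a hostname when its registrable domain is within one edit (an inserted, deleted, substituted or swapped character) of a domain on a trusted list. The trusted list, the sample hostnames, and the function names are all constructed for illustration, and the domain extraction simply takes the last two labels, so multi-part suffixes such as co.uk are not handled.

```python
"""Flag hostnames that are one keystroke away from a trusted domain.

Added example for illustration only (not from the original article).
The trusted list and sample hostnames below are constructed; the
registrable-domain logic is a deliberate simplification.
"""


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: each insertion, deletion,
    substitution, or swap of two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1
                    and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def registrable_domain(hostname: str) -> str:
    """Crude 'last two labels' extraction. Assumption: no public-suffix
    list is consulted, so suffixes such as co.uk are mishandled."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def typosquat_match(hostname, trusted, max_distance=1):
    """Return the trusted domain that `hostname` most closely resembles
    if it is within `max_distance` edits but not identical to any
    trusted domain; return None otherwise."""
    candidate = registrable_domain(hostname)
    best = None
    for t in trusted:
        if candidate == t:
            return None  # exact match: the real site, not a lookalike
        dist = damerau_levenshtein(candidate, t)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (t, dist)
    return best[0] if best else None


# Constructed trusted list and sample hostnames for the demonstration.
TRUSTED = ["apple.com", "icloud.com", "google.com", "paypal.com"]

SAMPLE_HOSTS = [
    "www.apple.com",   # genuine
    "appel.com",       # swapped letters
    "aple.com",        # dropped letter
    "ic1oud.com",      # digit 1 for letter l
    "g00gle.com",      # two substitutions: beyond one edit
    "example.org",     # unrelated
]


def scan(hosts, trusted=TRUSTED, max_distance=1):
    """Map each hostname to the trusted domain it mimics, or None."""
    return {h: typosquat_match(h, trusted, max_distance) for h in hosts}


if __name__ == "__main__":
    for host, hit in scan(SAMPLE_HOSTS).items():
        print(f"{host:16s} -> {'looks like ' + hit if hit else 'ok'}")
```

Running the script prints one line per sample host; the three one-edit lookalikes are reported against apple.com and icloud.com, while the genuine www.apple.com and the two-edit g00gle.com pass at the default threshold. Raising `max_distance` to 2 catches g00gle.com but will also produce more false positives, so tune it against your own traffic.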
In this case, the attackers registered several such domains and use the country code reported by the victim’s device to decide which version of the popup message to display. They also dress the pages with icons such as the logos of the National Security Agency (NSA) or Interpol to make the sites look official. Be equally careful with links and attachments that arrive by email. If you don’t know the sender or weren’t expecting the message, verify that it is genuine before clicking. Scams like these often succeed because someone skipped that step.
Dr. Brown is the Cybersecurity Officer for U.S. Army Garrison Wiesbaden.