Text scams: The messages that allow criminals to break into your iPhone, and how to spot them

Mobile phones are increasingly becoming the most important part of people’s work and social lives – which means they’re more and more vulnerable to attack

Andrew Griffin
Monday 23 October 2017 14:28 BST
Comments
A man uses an iPhone 5C at the Berlin Apple Store
A man uses an iPhone 5C at the Berlin Apple Store (Sean Gallup/Getty Images)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

The next text message you receive could ruin your life.

Increasingly, SMS messages are being used as a way of duping people into giving up their online accounts, and out of their identities and their money.

Many of those messages arrive looking perfectly innocent, and even useful. But they could be incredibly dangerous – and so it’s important to make sure to know how to spot them.

One of the major problems with such scams is that it is now relatively easy to pretend to be someone else, over text. The technology that powers texts allows people to put custom names in when they send messages – allowing people to easily pretend to be Google, Apple or anybody else.

Cyber criminals holding phone and computer data to ransom

As such, the main thing is to never give any information over text message, and only use it as a way of showing alerts. You never know who is texting you, or who you are texting – so treat it with extreme caution.

iCloud scams

One of the more recent scourges coming over SMS are iCloud scams. They aim to trick people into giving up the password that they use to get into their Apple account – and, once hackers are into that, then they can easily get your bank account details, your location, and more scary stuff besides.

Most of these notifications just work like traditional phishing scams, where cyber criminals pretend to be a company so that users send them details. But because they are done through the very personal but notoriously sketchy technology of SMS, they can be easy to spot.

It isn’t clear why there has been such a huge amount of these in recent months, but reports of them definitely do seem to be surging. The advice is the same as traditional phishing: responsible companies will never ask you to reply to a message with your personal details, or tell you to click on a dodgy link, so make sure that you always only give your information to official websites and be careful that you are.

Two-factor authentication

Another more new development is tricks that try and get around the two-factor authentication that many products now have built in – and which, for the most part, serves as a big problem for people breaking into your account. That's why it's also become such a security risk.

Two-factor authentication works by attaching a phone number to a person’s account. When they try to log-in, it will send a unique code to that phone number, and that has to be typed into the site. It’s built to foil people who steal passwords and then use them to get into accounts, because it requires physical access to the phone; and that’s why people are now trying to get around it with scams.

One highlighted this weekend shows a message that claims to be from Google and tells people that their account may have been hacked. If they want to have it shut down, it says, they need to reply to the message with the 6-digit verification code that they are about to receive.

It’s a sneaky way of getting people to put the authentication message that they have received from Google into a text message so that scammers can get around the security setup. But it’s a curiously convincing one.

Again, the key is never to enter any important codes into a text message or any unverified sites. And sites such as Google and others that use two-factor authentication will only ever send you the messages if you ask for them; if you’re receiving them without asking, it probably means someone is trying to break into your account.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in