Hey folk! I am back with another scam alert. This New iOS scam makes you think that malware has been installed on your iPhone, iPad or Apple Watch and they do so by sending notifications from your device without actually hacking it. Wait….! what? How does that work? Let me explain how the iOS scam works.
I’m currently working towards getting my degree in cyberpsychology with a focus on scams and disinformation. (Long story don’t get me started on this topic at the pub ….when they open) I am the guy who reads his spam folder line per line to understand the methods the scammers use to convince you to give them money.
One of the key factors of this kind of scam is getting you to reach a point of panic. When you are afraid your brain goes into fight or flight mode putting the critical thinking part of the brain in the back seat. And this is when the scammers strike!
Notifications from your own device.
The scammers have found a way to have your device send you a notification trying to get you to think that you have been hacked. They do this by tricking you into subscribing to their calendar RSS feed. This is a common feature for online calendars to alert you to events, holidays and sporting events. (I’m subscribed to almost 10 of these. a very useful feature)
Then in a span of 24 hours, you get bombarded with notifications making you think that you have been hacked! Timed just as all the news outlets are reporting a new iOS security flaw and the latest Apple announcement of the iPhone 13.
Take a good look at the titles of the events. Scary huh? If I did not research scams and malware for a living I would be frightened too.
Then they spring the trap!
Now that you are good and frightened the scammers guide you to a link that convinces you to call a phone number where an agent is standing by to continue the scam or has malware (for other devices) to download.
Don’t click on any of the links! This will surely open you up to malware, phishing or phone scam.
Have you really been hacked?
No …but shhh don’t let the scammers know that you know. The scammers cannot actually damage your phone using your calendar. (Though run software updates just in case) Here is how to remove the notification from your phone.
- Open your calandar app
- On the bottom select calandars
- look for any calandars you do not recognise in the “Other or subscription catagory”
- Select calandar and take a look at the detials
- Select delete calandar from the bottom options.
- Run software updates just in case.
How did you get the fake events get on your calendar in the first place?
With permission from my clients who brought me their phones after the iOS scam attempt. (They were smart enough to not click on anything) I took a look at their browser history. From the two phones that had subscribed to the scam, calendar feeds they had one thing in common. The love of sports.
In both cases, the browser history was filled with news about sports. Personally, I can’t tell if they were official sports websites or not as it’s not really my thing. From what I can tell the victims had clicked on a link containing a calendar RSS feed in the past (Could have been days, weeks or months). A notification would have popped up! “Do you want to subscribe to the calendar to see future events” and they clicked yes!
I don’t think that sports websites are the cause of this. It’s just happened to be a kind of website that might offer RSS calendars.
How to protect yourself from this kind of scam?
Like all computers the weakest point is you! Though the scammers were clever they require you to do something to allow the scam to work.
- Run software updates often!
- If you ever get bombared with notifications STOP turn off the phone and take it to a professional
- Back up your phone often! (Computer, iCloud or other online service)
- Don’t Panic!