Apple has built a reputation for robust security features, so understandably, seeing an urgent pop-up saying your iPhone has been hacked can feel nerve-wracking. This deceptive tactic, often disguised as a security alert, is designed to trick users into taking harmful actions. It’s highly unlikely that your iPhone has already been compromised. However, carelessly interacting with these deceptive ads can expose you to significant risks, including data loss and identity theft.
Let’s dive into the best practices when dealing with this attack.
Has Your iPhone Really Been Hacked?
Don’t panic when you see this pop-up, and whatever you do, don’t open it. Even clicking the Close (x) button for the pop-up window can compromise your device’s security. This is, in reality, a scam, frequently used by cybercriminals to trick you into accidentally installing malicious software onto your device. Once you click on anything on that page, you’ll risk infecting your iPhone.
Scammers have used this common technique for many years. Why? Because sometimes, it works. If you’re looking at this, however, it at least means you’re skeptical about the pop-up.
What should you do? Close the tab by clicking on the symbol at the bottom right of your browser interface, i.e. the one that looks like one tiny square covering another. Your open pages will appear, so next, click on the x symbol at the top-right of the suspicious tab. Now check through other ways to make sure your iPhone hasn’t been hacked or otherwise affected.
What Does the iPhone Hack Pop-Up Look Like?
The message often appears in a gray pop-up box covering a webpage accessed on Safari.
It will say something like “Your iPhone has been hacked! All your operations on this device are being tracked by a hacker. Immediate action is required!”
Note that every sentence in the pop-up is a lie. This message doesn’t really mean you’ve been hacked and cybercriminals aren’t tracing what you do. The only action you need to take is to get rid of the pop-up—but don’t click Close!
There are variations, but the scam generally tells users that their smartphone has been compromised, that cybercriminals can track any activities, and then concludes with a call to action. This implores the reader to click on a link or simply get rid of the pop-up by tapping on the Close button.
How the Hacked Phone Scam Works
That Close button doesn’t really exit the page. It will compromise your device and allow a hacker in or encourage you to hand over your personal details.
Apple security works via sandboxing. This puts all your apps in their own confined space so they can’t interact with each other without permission from the user. That’s why you’re asked to give individual apps permission to connect with your Camera, Photos, or social media feeds. Effectively, then, any potential viruses are contained so they cannot spread across your whole device.
The problem comes when you accidentally allow an app access to other parts of your phone. The scammers behind the “Your iPhone has been hacked” pop-up are betting on this.
If you click Close, or another part of that message, you could be allowing Safari to download malware, like a Trojan horse. This could result in downloading a malicious app onto your device, one that will vacuum up your data.
Alternatively, this could lead to phishing, even via a calendar virus. This creates fake events as spam in your calendar or in a third-party calendar app. These typically include a link, and once you click on one, you’ll be redirected to a website that asks you for your personal information.
Quick Tip:
If you’re concerned about add-ons, plugins, or extensions that can create pop-ups and potentially compromise your data, the best solution would be an app with robust defense. For example, Intego can protect sensitive data by blocking digital intruders, thanks to its proactive monitoring that allows you to browse the web with your privacy intact.
How to Check Your iPhone Is Secure
If you haven’t clicked on anything, your device is likely secure. But you should double-check anyway.
Time needed: 5 minutes
First, let’s prevent this from happening again by allowing Apple to flag any potentially malicious sites.
- To do this, go to Settings > Safari.
- Next, toggle on Fraudulent Website Warning.
- Moving forward, your iPhone will warn you if you’re entering a site that doesn’t have an updated and verified SSL certificate or TLS. This is a level of encryption that means URLs read “HTTPS” instead of “HTTP”. That extra “S” means “Secure”. It’s not foolproof, but is a good sign of a trustworthy site.
- Next, look through your phone for any apps that you don’t recall downloading. If you find anything, delete that app straight away.
You could invest in some security software too, which can scan your smartphone; however, it’s debatable whether iPhones even need additional security suites as Apple security itself is very strong. Remember not to click on any suspicious links, and be immediately wary of any urgent calls to action. If something implores you to “act now”, it’s telling you to do something without considering the consequences first—a sure sign that something isn’t right.
And don’t submit any personal details to a site or app you’re not 100 percent certain about. Your data is important, so don’t give it out to anyone who asks! But if you need to kick hackers out of your iPhone, try managing your iCloud account, deleting suspicious third-party apps, and unsubscribing from random calendar events.