You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Ransom received for a RAT virus, is this possible

Got a hateful email today saying someone got into my i-pad camera. Threatening to send videos to my address book. Wants bitcoin, who would have imagined that? Is this for real or is this a phishing/money making scheme?

iPad, iPadOS 13

Posted on May 22, 2020 7:04 AM

Reply
Question marked as Top-ranking reply

Posted on May 22, 2020 7:12 AM

Do not respond to it or provide any information. If is a phishing scam intended to scare you.


See this link --> Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

7 replies

May 22, 2020 9:02 AM in response to Waggydoo

This is a scam.


Your password has been exposed in a server breach. Which is why two-factor authentication and unique passwords are preferred. You’ll want to start using unique passwords.


But this is also an indication that your credentials will be “crammed” everywhere. Which means you can lose control of some of your logins. And enable two-factor and set up and maintain your trusted telephone numbers, if that’s not already in place.


Losing your Apple ID is a huge mess, as can be some losing some other logins.


One of mine got picked off a while back, and through a series of mergers that login ended up being at a vendor I hadn’t realized I’d even had a login at, and that login got “crammed”. (Which made the password-reset notice a real surprise. That vendor at least had a real password recovery mechanism. Not all do.)


Other shared passwords may be being “crammed” without these thoughtful email notices, unfortunately.

May 22, 2020 8:59 AM in response to Waggydoo

I’ve had the same type of message, and they too had one of my real passwords. It was the one I used with the Sony PS store at the time Sony was hacked and passwords stolen. I had changed it long ago to something very different, but those old stolen passwords from hacked sites circulate around the web (what those using scare tactics to sell security software love referring to as “the dark web” which is nothing but the same internet we all use).


Given how many e-commerce web sites are hacked every year, I’d bet everyone has a few of their real passwords floating around out there in public hands. That’s one reason to never use the same password for more than one site, and to change them periodically.


But having a stolen password for a web site you’ve used would not help in the least to actually hack someone’s physical device(s).

May 24, 2020 5:16 PM in response to Waggydoo

There’s a very useful website for seeing both user IDs and passwords that have been “compromised” (stolen). https://haveibeenpwned.com. If you enter either a user ID (it says email address, but will take any user ID) or if you click the Passwords link in the menu and enter a password it will tell you if it has been found on the dark web. Yes, the site is entirely legitimate, and it does not save anything you enter (unless you subscribe to the site’s notification service).

Ransom received for a RAT virus, is this possible

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.