
Help.apple@gmx.com ransomware fraud: Unlock hijacked iPhone or MacBook

Learn how to get around a lock screen on iOS or macOS device with the help.apple@gmx.com email address on it and prevent similar ransom attacks further on.

Some unlucky iOS and Mac users who ran into a lock screen showing the help.apple@gmx.com contact email address think they fell victim to ransomware. The predicament does look like that: it appears as if someone had planted a piece of malware on the device and the malicious code is wreaking this type of havoc. The affected iPhone, iPad or MacBook becomes inoperable, with a ransom note on the screen telling the user to send a message to the indicated email for unlock instructions. However, this particular attack vector has more to do with classic account hacking than with virus deployment. There is no infection on board, which is good news. The bad news is that the victim’s Apple ID credentials got compromised, so threat actors were able to remotely sign into their iCloud account and enable the “Find My iPhone” feature.

Lock screen message instructing a victim to contact help.apple@gmx.com

Unless abused by online trespassers, “Find My iPhone” is a remarkable emergency feature that lets Apple customers locate a lost or misplaced device, including iPhone, iPad, iPod touch, Mac, Apple Watch or AirPods. By faking an instance of device loss, though, the fraudsters can turn this functionality against the user. They get sufficient privileges to lock the phone or computer and even set a custom message in place of the default one, which reads, “This iPhone has been lost. Please call me”, and is normally followed by the owner’s phone number. In this particular case, the bogus warning reads, “Lost iPhone. Write to email: help.apple@gmx.com” or “Wrong passcode. Try again. Write to email: help.apple@gmx.com”.

The victim is thus instructed to reach the attacker via email. In response, they receive a walkthrough on how to unlock the hijacked device. An auto-reply is enabled for the help.apple@gmx.com inbox. The text goes, “Hello! Your device is blocked for activation of device: pay $50 for a Bitcoin address. Inform us about the payment and we will send the passcode.” The following part of the response sounds even scarier, “All your devices will be blocked within 24 hours if not receive payment.” The blackmail workflow therefore also includes threats to block other devices belonging to the victim, which is obviously a way to put additional pressure on them. By the way, the attackers’ English is terrible, which suggests that they might be somewhere overseas.

As for the anatomy of this incursion, it relies on a dump of many users’ iCloud access credentials. Another possible cause is some people’s bad online hygiene, where weak, easy-to-guess passwords allow ill-disposed individuals to pull off a fraud like this. Once a felon has this information, it’s as simple as ABC to log into the would-be victim’s iCloud account, go to the “Find My iPhone” app, type a warning message that will be displayed on the lock screen, activate the feature, and wait for incoming messages from victims who are desperately looking for a fix.

To avoid issues like that, it’s imperative to use strong passwords for signing in at iCloud.com and consider leveraging two-factor authentication. If a lock screen featuring help.apple@gmx.com is already there, follow the steps below to regain access to your device instead of coughing up $50.
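The root cause described above is a password that is already in a leaked dump or is easy to guess, so a check for exactly that is shown here as an added example; it is not part of the original article. The dump contents, function names and 12-character threshold are assumptions made for illustration, and the 'SUFFIX:COUNT' range format follows the k-anonymity scheme used by the Pwned Passwords service, simulated offline.

```python
import hashlib

# Constructed stand-in for a leaked credential dump: password -> times seen.
CONSTRUCTED_DUMP = {"iloveyou": 3, "apple123": 41, "Summer2017!": 7}
MIN_LENGTH = 12  # assumed policy threshold, not an Apple requirement


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_response(prefix, dump=CONSTRUCTED_DUMP):
    """Offline stand-in for a breach service: given a 5-character hash prefix,
    return 'SUFFIX:COUNT' lines for every dumped password hash that matches."""
    lines = []
    for leaked, count in dump.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password, fetch=range_response):
    """Return how often the password occurs in the dump. Only the first five
    hex characters of its SHA-1 are handed to `fetch` (k-anonymity)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def password_verdict(password, fetch=range_response):
    """Reject passwords that are already in a dump or are easy to guess."""
    seen = breach_count(password, fetch)
    if seen:
        return f"reject: found {seen} times in leaked dumps"
    if len(password) < MIN_LENGTH:
        return f"reject: shorter than {MIN_LENGTH} characters"
    return "ok"


if __name__ == "__main__":
    for candidate in ("apple123", "short1", "plum-Orbit-93-kettle"):
        print(candidate, "->", password_verdict(candidate))
```

Because `fetch` only ever receives the five-character prefix, the lookup can be pointed at a remote breach service without disclosing the password or its full hash.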

Unlock iPhone hijacked via help.apple@gmx.com hoax

Given the anatomy of this con, an efficient workaround is to reset the iCloud login credentials. To do this, go to iforgot.apple.com on a computer or other unaffected device and follow the steps below:

• Select the option that says "Forgot Apple ID?"


• Enter the requested details, including your first name, last name and email address and click Continue.


• Fill out the personally identifiable information as instructed and answer security questions you had configured when creating your Apple ID. Alternatively, you can select the "Get an email" option and receive an email to reset your password.


• Follow any further directions until you reset your iCloud password. In some cases, you may have to give Apple Support a phone call to explain your issue and get the reset job completed.


• Use the new password to regain access to your iOS or macOS device.

 

Protect your iPhone / iPad from being locked

Attacks like the help.apple@gmx.com locker can obtain your sensitive credentials through unprotected connections. Logging into public Wi-Fi networks and visiting compromised sites can expose the device to malware and man-in-the-middle attacks. It’s therefore strongly recommended to use automatic protection during web surfing.

1. Download and install SurfEasy VPN. This app provides Wi-Fi security as well as privacy and identity protection features.


2. Make sure SurfEasy Protection is turned on throughout Internet browsing sessions. The application will encrypt all traffic, prevent ad tracking, anonymize online activities and secure the iOS device when it’s connected to Wi-Fi hotspots.
