Checklist 320: Speedy Scams and Securing iCloud
On The Checklist this week:
- SVB scammers act fast
- Rules for avoiding scams
- How to make iCloud safer
Bad guys roll out SVB scams—over the weekend!
On Friday, March 10, Silicon Valley Bank (SVB) collapsed. By Monday, the scammers had deployed new scams to take advantage of the situation.
The SVB bank collapse was the “largest U.S. banking failure since the 2008 financial crisis and the second-largest ever,” according to CNBC. As such, it was also headline news. In other words: exactly the kind of major world event that scammers love to take advantage of.
Johannes Ullrich of SANS Technology Institute remarked that between 10 March and 12 March he and fellow researchers “saw a number of domain registrations tracking the Silicon Valley Bank failure (for example svblogin.com, loginsvg.com, [etc.].”
Other researchers observed similar behavior. New domain registrations related to Silicon Valley Bank—possibly for phishing purposes. Malicious websites that purported to help SVB customers recover funds, but were actually designed to steal information and/or money.
How to avoid a crisis scam
Say what you will about scammers. They never let a good crisis go to waste—and they work very, very quickly.
It’s almost a guarantee that when a major event happens, scammers will find some way to capitalize on it. Every scam is different. But there are some general rules to help you avoid scams:
- Be wary of unsolicited emails or texts. Don’t click on any links or attachments contained therein.
- Be suspicious of unsolicited phone calls. Never give out sensitive personal or financial information over the phone.
- Realize that generating an exaggerated sense of urgency is a common scammer’s tactic. Don’t respond to attempts to frighten, rush, or bully you. Take a breath and think before you act.
- For major world crises, natural disasters, pandemics, financial collapses, etc., get your news from trusted sources only. Be especially skeptical of viral social media posts and the like.
How to lock down iCloud
We’ve talked before about the importance of hardening your iPhone against theft—most recently on Checklist 318: Let’s Not Be Victims.
This week, we cover a story by Cult of Mac that offers a further suggestion for locking down your iPhone: Add an extra password to your iCloud account.
The Cult points out that once someone is into your device, it’s relatively trivial to change the password for your Apple ID—effectively hijacking your Apple account and everything related to it.
For this reason, they suggest adding a Screen Time passcode to your iCloud settings. Though originally intended as a parental control setting, adult users can repurpose the feature to make their iCloud accounts more secure. If your device is stolen, the thieves won’t be able to change your Apple ID password without that Screen Time passcode.
To set this up, go to Settings > Screen Time > Content & Privacy Restrictions. Toggle the setting on and go to Account Changes > Don’t Allow. Finally, go back to Screen Time > Use Screen Time Passcode to set up your passcode. Needless to say, that passcode ought to be as strong as possible—just as long as you can remember it or store it somewhere secure.
If you do need to make some changes to iCloud, go to Settings > Screen Time > Content & Privacy Restrictions. Enter your PIN to disable the restrictions and make your changes.