Everyday scams - Virus on your iPhone
Something cyber security professionals often forget is that incidents are happening every day that aren’t inside their organisation, but which can affect them easily enough. Criminals are spreading their bets to try and get whatever they are looking for, and ordinary people are targets as much as any business. The average person doesn’t have the same resources as most organisations, and they don’t have or want to spend the time to carefully configure safeguards to protect their personal resources.
I think a lot of people in our field forget that education on how to spot and avoid social engineering goes beyond the job and into normal life. In the past I’ve found that helping people understand how they can better protect their own lives makes them far more willing to do it in the organisation. It becomes much more real for people when they can see why using something like multifactor authentication could protect their bank account or personal information, making the guardrail in their working life something they want rather than circumvent.
Virus on your iPhone
A friend got in touch recently to ask my advice, and it was a perfect example of how simple and common these events are. Just browsing the internet and following links on something you’re interested in could, without any targeting at all, lead to you seeing something like this on your phone:

Spotting the scam
Going from browsing perfectly normal web pages to this is jarring. That is the first step: they are trying to catch you off guard. This is then reinforced by a few factors.
Urgency: The goal is to make you act before you think rationally.
- Countdown timer, in a bold red font which is larger than the other text and with a very short time period
- If you don’t take action this virus will somehow damage your sim card, phone data, photos and delete your contacts
Fear: If the sense of urgency isn’t enough, they also play on “FUD”: Fear, Uncertainty and Doubt.
- Not one but two viruses!
- Your phone is already infected
- Your phone is damaged … bit unclear how though
Trust factor: They try to make you feel confident this is the real thing.
- Google logo, because they aren’t evil and everyone trusts them
- Helpful instructions, just install the virus removal app which is free
- Big handy “Remove Virus Now” button
My friend turned on flight mode, took a step back and messaged me from their partner’s phone to ask if it was a scam. Of course I had a look and immediately reassured them it was a scam: close the browser tab and move on with the day. People can joke that these things are easy to spot, but the reality is that at the right time they just aren’t. All it takes is being already distracted or stressed by something else and your critical thinking won’t be as effective.
There were extra things which I spotted after the fact; these include little niggles I wouldn’t expect an enterprise like Apple or Google to do.
- Minor grammatical issues, e.g. inconsistent use of virus vs viruses
- Typographical tells, e.g. uppercase I on Install and lowercase a on the last “App”
- The button text has an uppercase letter at the start of each word
- It isn’t a system notification, it’s a web page
- The visible part of the domain is neither apple.com nor google.com
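The last tell in the list is the one that can be checked mechanically. As an added example (not part of the original post), this JavaScript parses a link the way a browser does and reports whether its real hostname belongs to either brand the page invokes; the function names are hypothetical and the sample URLs are constructed, using the reserved .example domain.

```javascript
// Brands the scam page claims to speak for, per the article.
const TRUSTED_DOMAINS = ["apple.com", "google.com"];

// Return the trusted domain that rawUrl really belongs to, or null.
// Only the parsed hostname counts: brand names in the path, the query
// or the userinfo part before "@" say nothing about who serves the page.
function trustedOwner(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not a parseable absolute URL
  }
  // The URL parser lowercases the hostname; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  for (const domain of trusted) {
    // Exact match, or a true subdomain. The leading "." in the suffix
    // test stops "notgoogle.com" from passing as "google.com".
    if (host === domain || host.endsWith("." + domain)) return domain;
  }
  return null;
}

// Constructed sample links: the first two are genuine-style hosts, the
// rest only look right when part of the address is hidden or skimmed.
const SAMPLES = [
  "https://support.apple.com/en-gb",
  "https://GOOGLE.com./search?q=virus",
  "https://apple.com.virus-scan.example/alert",
  "https://google.com@virus-scan.example/",
  "https://virus-scan.example/google.com/remove",
  "https://notgoogle.com/",
];

// Pair each sample with its real hostname and the verdict.
function checkSamples(samples = SAMPLES) {
  return samples.map((s) => ({
    url: s,
    host: new URL(s).hostname,
    owner: trustedOwner(s),
  }));
}

for (const r of checkSamples()) {
  console.log(`${r.owner ?? "NOT TRUSTED"}\t${r.host}\t${r.url}`);
}
```
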
Cyber crime is big business
This sort of scam is getting easier to do now and has become its own business model on the dark web. Criminals distribute easy-to-run programs or even full-blown websites that make setting it up simple and automated: Crime-as-a-Service (CraaS?). They can deliver multilingual systems, making it possible for fraudsters who don’t even speak your language to still create a convincing scam. The days of just checking for simple spelling mistakes and poor layout are behind us, as the photo above demonstrates. I’m not kidding when I say this costs people billions every year.
These tools will literally help low-level criminals find legitimate but insecure websites, gain access to their administration system and then publish a templated page to their specification. Then, to get that page linked from somewhere, a malicious advert (malvertising) is often used, paid for with a stolen credit card. Putting an advert against popular search phrases gets the scam in front of as many eyes as possible before it is detected and removed. All it takes is for a handful of the hundreds of thousands or millions viewing to install the “free virus removal app” and they likely get what they want.
These scams are what can lead to people losing life savings or having their identity stolen to take out massive loans in their name. It has very real consequences when someone, unwittingly, does in the moment what they thought was right.
A call to action
Cyber security professionals, we need to do better at helping our fellow colleagues, friends and loved ones understand how to avoid becoming a victim. Make a point of pointing these things out when you see them, and help people know what to do in future. Let’s make it hard for these criminals!