iPhone or iPad Security Compromised, now what?

Last modified: Mar 1, 2025 6:28 AM

This tip is a work in progress, and additional editing and updates are planned.


This tip started from this thread: Scam attempt on iPad - Apple Community


Pragmatically, the iPad app contents are probably fine, as the others above have replied.


Passwords or password reset paths might not be so fine, though. Depending on what happened.


Malware on device is quite rare and targeted based on all available evidence, but installing remote access apps is possible, and passwords can be compromised.


Straight financial scams are common, and those often (mostly? usually? likely?) don’t involve any device or credentials compromises.


Most of these phishing and romance scams and spear-phishing and arrested-grandchild scams work by getting the folks to the scammers’ website, or by directly authorizing remote access into the device via FaceTime or such, and obtaining the access credentials there. Or by convincing the folks to authorize the financial transfer directly.


If you’re concerned that these folks might have authorized remote access into the iPad, or otherwise left a backdoor on the iPad or into the Apple Account here, your path will involve a factory reset, re-loading just the apps the folks need, and resetting all passwords. Remote access is either authorized each time with FaceTime, or similarly through some other added remote access or screen-sharing app. Remote access malware is, as the replies above correctly indicate, very rare. DNS shenanigans are certainly possible, but not at the top of my list of potential shenanigans.


Two-factor authentication should be enabled here if not already (as that makes phishing more difficult), the trusted devices associated with the Apple Account all verified, the user’s own trusted telephone numbers verified, and the appropriate Recovery Contacts enabled.


Independent of the financial scam and independent of any potential password compromises that may or may not have occurred here, the Passwords app (iOS 18, iPadOS 18, and later) contains a tool that automatically reviews a user’s passwords for compromises, so have a look for issues there, too.


Disable the automatic acceptance of Apple Cash payments to block that whole family of financial scams, too.


Were this an iPhone, also set it to send unknown callers to voicemail, and mute unknown text message senders.


It’s also fairly common for folks to re-use their passwords and passcodes (and to also not use iCloud Keychain and the Passwords app, or some other password manager), which then causes wider compromises when a re-used password is compromised on some website somewhere.


What Apple suggests:


While you’re reviewing all of this, adding a Legacy Contact or two can be considered, as well as migrating to iCloud Photos, backups, and the usual and mundane device and data management considerations such as local or (far more likely) iCloud backups.


*****ASC login cookies failure, update fail, draft fail, changes being merged (2/3)*****


This tip is a work in progress, and additional editing and updates are planned.


This tip started from this thread: Scam attempt on iPad - Apple Community


Pragmatically, the iPad app contents are probably fine, as the others above have replied.


Passwords or password reset paths might not be so fine, though. Depending on what happened.


Malware on device is quite rare and targeted based on all available evidence, but installing remote access apps is possible, and passwords can be compromised.


Straight financial scams are common, and those often (mostly? usually? likely?) don’t involve any device or credentials compromises.


Most of these phishing and romance scams and spear-phishing and arrested-grandchild scams work by getting the folks to the scammers’ website, or by directly authorizing remote access into the device via FaceTime or such, and obtaining the ability to transfer from the credentials there. Or by convincing the folks to authorize the financial transfer directly.


If you’re concerned that these folks might have authorized remote access into the iPad, or otherwise left a backdoor on the iPad or into the Apple Account here, your path will involve a factory reset, re-loading just the apps the folks need, and resetting all passwords. Remote access is either authorized each time with FaceTime, or similarly through some other added remote access or screen-sharing app. Remote access malware is very rare, and very expensive. DNS shenanigans are certainly possible too, but not at the top of my list of potential shenanigans.


Two-factor authentication should be enabled here if not already (as that makes phishing more difficult), the trusted devices associated with the Apple Account all verified, the user’s own trusted telephone numbers verified, and the appropriate Recovery Contacts enabled.


The Passwords app (iOS 18, iPadOS 18, macOS 15, and later) contains a tool that automatically reviews a user’s passwords for compromises; resolve any issues reported there.


Disable the automatic acceptance of Apple Cash payments to block that whole family of financial scams, too. (The scam: receiving a payment transfer from what will be a compromised payment card, followed by requests or demands to return some or all of that transfer. That initial payment then gets clawed back by the payment card provider, and you lose anything you then transferred to the scammers.)


Set your iPhone to send unknown callers to voicemail, and mute unknown text message senders.


It’s also fairly common for folks to re-use their passwords and passcodes (and to also not use iCloud Keychain and the Passwords app, or some other password manager), which then causes wider compromises when a re-used password is compromised on some website somewhere. See the Passwords app for details.


What Apple suggests:

If you think your Apple Account has been compromised - Apple Support

Personal Safety User Guide - Apple Support


While you’re reviewing all of this, adding a Legacy Contact or two can be considered, as well as migrating to iCloud Photos, backups, and the usual and mundane device and data management considerations such as local or (far more likely) iCloud backups.




