Scam attempt on iPad

An elderly couple have had scammers attempt to take money from their bank account. They have reported this to their bank and all activity has been stopped but they asked that their device was checked by an expert for Malware or other installed Apps … the couple have asked me to check this but 95% of my work is on Windows devices, this couple have an iPad …


Apart from checking that nothing dodgy is running as a Safari extension, is there anything else I should be worried about or looking at?


Is there any software that will run and confirm an iPad is clean?


Any help or advice is much appreciated 👍



[Re-Titled by Moderator]

iPad Pro (1st generation)

Posted on Feb 2, 2025 9:00 AM

Question marked as Top-ranking reply

Posted on Feb 2, 2025 9:34 AM

Pragmatically, the iPad app contents are probably fine, as the others above have replied.


Passwords or password reset paths might not be so fine, though. Depending on what happened.


Malware on device is quite rare and targeted based on all available evidence, but installing remote access apps is possible, and passwords can be compromised.


Straight financial scams are common, and those often (mostly? usually? likely?) don’t involve any device or credentials compromises.


Most of these phishing and romance scams and spear-phishing and arrested-grandchild scams work by getting the folks to the scammers’ website, or by directly authorizing remote access into the device via FaceTime or such, and obtaining the access credentials there. Or by convincing the folks to authorize the financial transfer directly.


If you’re concerned that these folks might have authorized remote access into the iPad, or otherwise left a backdoor on the iPad or into the Apple Account here, your path will involve a factory reset, re-load just the apps the folks need, and resetting all passwords. Remote access is either authorized each time with FaceTime, or similarly through some other added remote access or screen-sharing app. Remote access malware is, as the replies above correctly indicate, very rare. DNS shenanigans are certainly possible, but not at the top of my list of potential shenanigans.


Two-factor authentication should be enabled here if not already (as that makes phishing more difficult), the trusted devices associated with the Apple Account all verified, the user’s own trusted telephone numbers verified, and ensure the appropriate Recovery Contacts are enabled.


Independent of the financial scam and independent of any potential password compromises that may or may not have occurred here, the Passwords app (iOS 18, iPadOS 18, and later) contains a tool that automatically reviews a user’s passwords for compromises, so have a look for issues there, too.


Disable the automatic acceptance of Apple Cash payments to block that whole family of financial scams, too.


Were this an iPhone, also set it to send unknown callers to voicemail, and mute unknown text message senders.


It’s also fairly common for folks to re-use their passwords and passcodes (and to also not use iCloud Keychain and the Passwords app, or some other password manager), which then causes wider compromises when a re-used password is compromised on some website somewhere.


What Apple suggests:


While you’re reviewing all of this, adding a Legacy Contact or two can be considered, as well as migrating to iCloud Photos, backups, and the usual and mundane device and data management considerations such as local or (far more likely) iCloud backups.


I really should re-word, edit, and re-load this stuff as a user tip, too.

Feb 2, 2025 9:08 AM in response to StellaMan1958

Most scams are designed to scare the unwary into giving away sensitive information - or to fool you into doing something that you shouldn’t - usually to defraud you financially.


Providing that your iPad has been kept up-to-date with system software updates, you should not be overly concerned for your iPad being directly compromised. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable. For older devices, no longer benefiting from regular security updates, the risk of an unpatched vulnerability being exploited increases.


For reference, regardless of the installed version of iPadOS, there are useful mitigations that can be used to significantly reduce iOS/iPadOS device owners’ exposure to risk.



Threat Mitigation


Other than malicious websites that will attempt to capture information that you willingly enter, the majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email or other messaging platforms. Browser-based attacks can be largely and successfully mitigated by installing a good Content and Ad-blocking product. One of the most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. The 1Blocker product has also recently introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker have introduced additional network extensions, extending protection to other Apps.


A further way to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:


Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9

OpenDNS
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53

Cloudflare
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001



Security focused DNS providers intentionally "sink hole" known bad or malicious websites and resources - this providing an additional layer of protection beyond that provided by your device and its Operating System. These DNS services will, when used alongside 1Blocker or other reputable Content Blocker, provide defence in depth.


There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC). Apple has introduced its new Private Relay to its iCloud+ subscribers - in part employing ODoH (a variant of DoH) as an element of this new functionality. If you have subscribed to iCloud+, and have a device capable of running iOS/iPadOS 15.x or later, this feature is included. 
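When checking a device after a scam, one concrete use of the resolver list in this reply is to audit what is actually configured. The following is an added example, not part of either reply: it classifies DNS server entries copied from the iPad or the router against the addresses listed above and flags any public resolver that is not on the list. The function names, verdict strings and sample input are assumptions made for illustration.

```python
import ipaddress

# Resolver addresses exactly as listed in the reply above.
LISTED = {
    "Quad9": ["9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"],
    "OpenDNS": ["208.67.222.222", "208.67.220.220",
                "2620:119:35::35", "2620:119:53::53"],
    "Cloudflare": ["1.1.1.1", "1.0.0.1",
                   "2606:4700:4700::1111", "2606:4700:4700::1001"],
}
# Index by parsed address so different spellings of one IPv6 address match.
KNOWN = {ipaddress.ip_address(a): name
         for name, addrs in LISTED.items() for a in addrs}
# Home-network ranges: an entry here is normally the router acting as a
# forwarder, so the router's own upstream DNS setting must be audited too.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]


def classify(entry):
    """Return (normalised address or raw text, verdict) for one DNS entry."""
    text = entry.strip()
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text, "invalid"            # hostname or typo, not an IP address
    if addr in KNOWN:
        return str(addr), "listed:" + KNOWN[addr]
    if any(addr in net for net in LOCAL_NETS):
        return str(addr), "local"
    return str(addr), "unlisted-public"   # nobody chose this: investigate


def audit(configured):
    """Classify a comma- or whitespace-separated list of DNS servers."""
    return [classify(e) for e in configured.replace(",", " ").split()]


if __name__ == "__main__":
    # Constructed sample, as it might be copied from the Wi-Fi network's
    # Configure DNS screen; 203.0.113.53 is a documentation address that
    # stands in for an unexpected resolver.
    sample = ("9.9.9.9, 2620:00fe:0000:0000:0000:0000:0000:00fe "
              "192.168.1.1 203.0.113.53")
    for addr, verdict in audit(sample):
        print(f"{addr:<16} {verdict}")
```

An `unlisted-public` result is not proof of tampering, since ISPs hand out their own resolvers, but on a device where manual DNS was never knowingly set it is the entry to question first.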

