User profile for user: VoxFlavors
VoxFlavors Author
User level: Level 1
9 points

User name changed & fake password popups

Appears my iPhone 6s has been compromised somehow when I was using iOS 10.3.1. Last week I used Collagable for the first time as well as downloaded some video apps (2 free, 1 paid - InShot). A few hours after paying for the app I got a call at my home phone # from a caller speaking in an Oriental-sounding language. A friend who speaks Korean and Japanese said she thinks it's Chinese. (I have audio of it I can share but I am not able to insert video as the video button is grayed-out.) Started seeing pop ups for Apple ID password. Two nights ago, I saw my iCloud storage on my phone saying it was at zero. Freaked and input password I had avoided entering all week. After going to iCloud, I saw my storage was intact. Updated iOS (from 10.3.1 iOS I believe). Then changed password twice. Now have 2FA on phone but not iCloud Keychain.

Noticed iMessage has prompt at bottom: Messages in iCloud is currently disabled / Repair account.

User uploaded file

I read there are people who know about this prompt problem.

However, after thinking everything was fine with my password, today I decided to click the “repair” link at bottom. There’s a question mark at the end of the password box among other things that don't appear like the usual Apple prompt. I was thinking it was a new dialog box after new iOS installation. (Checked w/my husband who updated to latest iOS and he doesn't have this question mark when prompted for a password.)

User uploaded file

So, today in dealing with the "repair account" for iMessage/iCloud, I entered password again and THEN received a prompt for iCloud Keychain. (No image for this.) Definitely not right. I do not have iCloud Keychain. I didn't enter anything.

Has anyone seen a prompt with a question mark like this?


Decided to see if there are any different-looking prompts. When I went to Settings/App Store I got the prompt WITHOUT a question mark.


Later when I turned the phone on I saw a quick reminder asking for a password.

User uploaded file

User uploaded file

Went to iTunes. I have touch-enabled set up. Got the normal-looking screen when I clicked on my Apple ID and selected "View Apple ID".

User uploaded file

Noticed that Apple Pay Cash was enabled (not sure how). Turned it off.

The other night I noticed after the iOS update that the name on my credit card used for iCloud storage was now my new name. I use my nickname that shows up below my picture in "Settings/Apple ID, iCloud, iTunes & Storage". I don't know HOW my name was changed. I thought perhaps it was an iOS update thing but now I am not sure. I changed it back to my nickname.


So thank you in advance for your suggestions. (I have turned the phone off and powered up a few times.)

iPhone 6s

Posted on May 29, 2018 7:20 PM

Reply

Similar questions

3 replies
User profile for user: Toot Uncommon
Toot Uncommon
User level: Level 4
1,216 points

Jun 1, 2018 10:28 PM in response to VoxFlavors

Regarding the name-change issue: Whenever you purchase something, you should soon receive a confirmation email message from Apple confirming the purchase. It will state your payment card name as in “Dear (payment card name), …” regardless of the ad hoc Apple ID account name. This doesn’t apply to subsequent receipt emails regarding any applicable recurring charges e.g. monthly iCloud storage fee, just the original purchase.

Messages specifically from Apple Support regarding the setup and non-purchase usage of your Apple ID account will state your ad hoc Apple ID account name as in “Dear (Apple ID account name),” regardless of payment card name. You should receive such a message whenever anything about your Apple ID account is changed including the name.

If your Apple ID account name changed, you could search your email for applicable messages from Apple concerning your Apple ID account and possibly get an idea of how or why based on when it happened. To whatever extent the applicable messages haven’t been deleted, you could possibly go back to the original email address verification message as well as the Apple ID account setup confirmation message to verify the original name. When the name is changed later, I think the confirming message will state the original name as in “Dear (original name)” and something to the effect that such name was changed. From then, on, the new name will be thus stated for the duration of its currency.

Reply
User profile for user: Toot Uncommon
Toot Uncommon
User level: Level 4
1,216 points

Jun 6, 2018 9:26 PM in response to VoxFlavors

Ok. Thanks a million for the heads-up. The same thing happened to me on May 20th. The problem reared its ugly head out of the blue on the Mac as well as the iPhone and iPad. I went to resolve it on the Mac whereupon it was revealed that my Apple ID had been locked for security reasons. The step-by-step to unlock procedure that was presented did not make sense for my workflow. I was immediately and continue to remain confident that something went haywire on Apple's end that affected more than just the Apple ID of little old me. I cancelled out and tried again a few minutes later. Still some non-sense but not to any disaffect. I was able to quickly get it unlocked and then had to re-up the sign-in on all applicable services on all devices and had to re-establish some Messages and FaceTime settings on all devices. Overall, it took at least a half-hour to get back to square one. Had and continue to have 2FA enabled and didn't have to re-up any of that.

Reply
User profile for user: VoxFlavors
VoxFlavors Author
User level: Level 1
9 points

Jun 1, 2018 10:38 PM in response to Toot Uncommon

Many thanks for sharing the differences I should see in how "I" am addressed in official Apple emails depending on the subject matter. It is strange that something changed my user name (not my Apple ID) to the name that I have listed on my credit card. I changed it back. I keep thinking that as long as don't enter any password on my device I should be OK. (I will only go online w/2FA if I need to do anything official requiring a password.)


I tested the "click the home button" theory from this article on the password popup requests and indeed there is a difference.


https://thehackernews.com/2017/10/apple-id-password-hacking.html

Here's How you can Prevent Against Such Clever Phishing Attacks


In order to protect yourself from such clever phishing attacks, Krause suggested users hit "Home" button when they are displayed such suspicious boxes.


If hitting Home button closes both the app, over which it appeared, and the dialog box disappears, then it was a phishing attack.

If the dialog and the app are still there, then it is an official system dialog by Apple.


"The reason for that is that the system dialogs run on a different process, and not as part of any iOS app," the developer explained.


Krause also advised users to avoid entering their credentials into any popup and instead open the Setting app manually and enter the credentials there—just like users are always encouraged to not click on any links they receive via an email and instead go to the legitimate website manually.


Most importantly, always use 2-factor authentication, so even if attackers gain access to your password, they still need to struggle for the OTP (one-time passcode) that you receive on your mobile device.


Still not sure how to get rid of the fake password popup box. Just realized I may be eligible for a new battery (my 6s serial number falls within a range for getting a new battery) so I may need to back up and delete everything before getting a new battery. Maybe this will do the trick. Will keep folks posted.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

User name changed & fake password popups

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up