Bamboozled March 30, 2017: Apple fixes security flaw used to target porn users

Be sure to download the new operating system for your iPhone and iPad.

If you’re an occasional consumer of internet pornography, take note of the solution for a recent scam.

Apple released an update to its operating systems, fixing a flaw that allowed scammers to use pop-up windows in an attempt to snatch cash from unsuspecting users of the Safari browser on iPhones and iPads.

The scammers targeted porn connoisseurs, hoping they’d stumble on the many websites registered to the scammers. The sites ranked high for certain search terms, primarily ones used by people searching for online pornography. Some music-related domain names were also used, reports said.

If an unsuspecting victim clicked on the wrong link, the scammers would use a pop-up window to say, for example, that the user’s device had been locked because of “illegal pornography.” It would then direct the user to pay — using an iTunes gift card, another common pay scam — via an email address that included law enforcement-sounding names such as cybercrimegov or police-pay.

A screenshot of the pop-up window on a seemingly locked iPhone.

Once the fine was paid, the scammy pop-ups said, the user’s Safari browser would be unlocked.

Cybersecurity firm Lookout found the flaw and notified Apple, which released the updated operating system — iOS version 10.3 — on Monday.

A Lookout user reported his device was caught in a never-ending loop. Each time he’d press “OK” on the pop-up window on his screen, he’d be prompted to press “OK” again. And again, and again. The browser was stuck, courtesy of the scammers.

The security flaw could in theory have affected anyone who uses the Safari browser on an iPhone or iPad, even though the scammers mostly targeted those who searched for pornography.

That’s why it’s important for you to know how to fix your device if this ever happens to you.

Yes, you should always download the latest operating systems for your device. But if you don’t, you can still get out of this problem on your own.

Users can clear their own browser history and data, which essentially gives a fresh start to the Safari browser. You can do that by opening “Settings,” selecting “Safari” and choosing “Clear History and Website Data,” Lookout said.

NOT JUST APPLE DEVICES

This attack is similar to the so-called ransomware attacks that we’ve told you about before.

In one version of the scam, the user will get a window with a message that claims to be from the FBI or another law enforcement group.

“Your cell phone has been locked,” the message would say. “We have recorded your online movements, including your browser and email history. To avoid serious legal action, call this number.”

And if you call, you’ll be asked to pay fines by wiring money, buying gift cards or other payment methods.

Another version of the scam locks your computer after you’ve unknowingly downloaded a virus. These usually come after users click on a “You can’t miss this video” or “You won’t believe…” kind of link. Or after you click on celebrity news, such as a fake story last year that reported the untimely (and untrue) death of actress Angelina Jolie.

Once the virus is in play, your machine will get stuck on one screen. The message is from a phony version of a trusted source, such as Microsoft or your anti-virus software provider.

It will tell you what number to call for “tech help.” After you pay, it says, the help desk can unlock your device.

Yet another version of the scam happens when a user searches for a help desk for a legitimate company but ends up clicking on an impersonation website instead.

It happened to one of our readers, and he gave a fake AOL help site control of his computer to diagnose the scammer-manufactured problem. The reader ultimately didn’t pay money for the promised fix, and he was able to correct the problem by running his anti-virus software.

So whether you’re a porn consumer or not, make sure you have the most updated operating systems on your devices, and be sure to run your computer’s anti-virus software regularly, too.

Have you been Bamboozled? Reach Karin Price Mueller at Bamboozled@NJAdvanceMedia.com. Follow her on Twitter @KPMueller. Find Bamboozled on Facebook. Mueller is also the founder of NJMoneyHelp.com. Stay informed and sign up for NJMoneyHelp.com’s weekly e-newsletter.