Imagine this: you leave a coffee shop with your friends, or answer a call while crossing the road, and suddenly your iPhone is no longer in your hands. A thief has snatched it and run off before you realize what happened. Within minutes, you won't be able to log in to your Apple account. Your photos, contacts, and even notes will be accessed and, most importantly, money will be stolen from your bank account. All of this is done through an easy trick, within a few minutes, while you are still thinking about what to do.


What's the trick?

The trick is a social engineering attack that works by exploiting knowledge of the device's access code. It goes as follows: the thief follows the victim and tries to see the passcode for the device, then the next step is to steal the iPhone. After the hard part is over, it's time for the easy part, where the thief exploits the access code, which allows him to access anything on the device.


What does knowing the access code mean?

By knowing the iPhone's passcode, the thief can easily reset the victim's Apple ID password via Settings, even if Face ID or Touch ID is enabled, because the operating system unfortunately offers the option to enter the device passcode instead.

The thief can also turn off the Find My service on the device, which prevents the real owner from tracking its location or erasing it remotely via iCloud. But that's not all: the thief can also remove other Apple devices from the account, to lock the victim out and prevent him from finding the location of the stolen iPhone.

What else can the thief do? He can change the contact information of the Apple ID and set up a recovery key to prevent the victim from recovering the account. It gets worse: with the iPhone passcode, the thief can use Apple Pay to buy what he wants and send money via the Apple Cash card (available in America only) to any card or bank account. He can also access banking applications through passwords stored in iCloud Keychain, and of course he will find other stored passwords there that can be exploited to break into your social media and email accounts and steal your entire digital life.


How to protect yourself

According to experts, to protect yourself from this scam you need to switch from a four-digit access code to a more secure option, such as a custom alphanumeric code or a custom numeric code. This will make it difficult for a thief to even try to spy on you.

To change the passcode, go to Settings on the iPhone, tap Face ID & Passcode or Touch ID & Passcode, and then choose Turn Passcode On or Change Passcode.

Another important tip: use Face ID or Touch ID as much as possible in public places, and if you must type your access code, cover the screen with your hand so that no one can see what you're entering.

For your bank accounts and other accounts, rely on a trustworthy third-party password manager that does not depend on your iPhone's passcode. Apple also introduced support for physical security keys some time ago, which gives users additional protection against phishing or social engineering attacks.

Are you using a complex access code? Tell us in the comments.

Source: WSJ