The Chinese police authorities and Tencent revealed at a press conference yesterday that many Apple device users have suffered “Apple ID blackmail”, and investigations into these cases have led to a very disturbing discovery.
In August last year, a man surnamed Wu had his iPhone suddenly locked, with a QQ account number left on the screen asking him for 500 yuan to unlock the phone. He contacted the suspect, paid, and subsequently got his iPhone unlocked. Unlike many victims who had opted to pay and move on, Wu chose to report the incident to the police.
After a two-month-long investigation, the police arrested a suspect surnamed Cai and his cohorts, and in the process, uncovered a massive underground fraud industry which involved illegal acquisition of Apple IDs, renting of phishing sites, and extortion. This particular case, valued in excess of 20 million yuan, ended with the destruction of China’s largest Apple ID acquisition platform–Ziyuan Management System, and the arrest of 10 suspects.
Last week the police described the two methods the suspects used to steal Apple IDs. The first was phishing. The police examined the phishing websites the victims had visited, and the sites’ code pointed to “Ziyuan Management System”. Investigation of the platform’s data and cash flow revealed that Ziyuan Management System was run by an internet bot. Anyone who wished to use the phishing website’s services was required to pay 650 to 1000 yuan per month. Users then had to register a domain name, download the required application, bind the IP address to Ziyuan Management System, and finally join a chat group where a detailed tutorial was provided.
The authorities revealed that the victims’ Apple IDs were bound to email addresses. Through phishing emails, the victims had visited a counterfeit iCloud website whose domain name closely resembled the official one, and their IDs were stolen as a result.
The second method relied on used mobile devices, which had either been stolen or had lost their original bound accounts. The suspects first sent phishing emails to the email addresses bound to the devices’ Apple IDs, stole the accounts used to log in to iCloud, and then cancelled the existing account binding. The iPhone in question could then be locked, because the Apple ID was now bound to other devices. These Apple IDs allowed the suspects to profit twice, since they could also blackmail the ordinary buyers of these used iPhones.
This underground industry, known in China as the “Black Industry Chain”, involved five different types of operation, using this Apple ID blackmail case as an example:
- The first was creators of phishing websites, who provided web hosting services.
- The second was phishing website users, who stole Apple IDs by sending phishing emails and subsequently sold these IDs to extortionists.
- The third was the extortionists themselves, who logged in to the official iCloud website using the acquired IDs and then extorted Apple device users by locking them out.
- The fourth was professional buyers and sellers of used mobile devices, who sold cheaply acquired Apple accounts to phishing site users and profited once the accounts were retrieved. They usually claimed to have acquired the devices through ordinary, legal means; however, the devices were suspected to be stolen goods.
- The fifth type was Apple ID lookup providers, who took the account details of Apple devices and, through related personnel, looked up the Apple IDs corresponding to those devices. These IDs were then sold to the professional buyers and sellers of used mobile devices described above.
The police recommended the following countermeasures for combating such blackmail attempts:
- Confirm that you are on the official website by checking the domain name before entering your Apple ID or password. Should an alert appear indicating that your device has been locked out, do not click to unlock your account; dismiss the alert and change your password instead.
- Should your device be locked, log in to your Apple ID to retrieve your password by answering the security questions. If you are unable to do so, send an email to Apple’s customer service and provide screenshots or other evidence indicating that you have been blackmailed.
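The first countermeasure above, “check the domain name”, is harder than it sounds once lookalike hosts such as the counterfeit iCloud site described earlier are involved. The following script is an added example, not part of the article or any tool from the police or Tencent; it shows what a domain check has to cover: genuine subdomains, a brand name buried inside an unrelated domain, punycode labels that can hide homoglyphs, one-character typosquats, and the `user@host` trick that puts a trustworthy-looking name before the real host. The list of official domains and the sample URLs are assumptions constructed for illustration; anything not on that list is treated as suspicious.

```python
"""Classify a sign-in URL as 'official', 'lookalike' or 'unrelated'.

Added example for the article's "check the domain name" advice; it is
not code from the article, the police or Tencent. OFFICIAL_DOMAINS and
the sample URLs in main() are constructed assumptions.
"""
from urllib.parse import urlsplit

# Assumption: the domains on which Apple ID sign-in legitimately happens.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")
# Brand tokens whose presence in a non-official host is a warning sign.
BRAND_TOKENS = ("apple", "icloud", "appleid")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Return the lower-cased host of a URL, or '' if it has none.

    urlsplit() discards any 'user@' prefix, so 'https://apple.com@evil.example'
    correctly yields 'evil.example': the part before '@' is never the host.
    """
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_login_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = hostname_of(url)
    if not host:
        return "unrelated"
    # Exact official domain, or a genuine subdomain of it (appleid.apple.com).
    # The leading '.' matters: 'apple.com.example' must not pass this test.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    # Brand name anywhere in a non-official host (icloud-unlock.example).
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    # Punycode labels (xn--...) may render as homoglyphs of the real name.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    # One edit away from a real registrable domain (appie.com, apple.co).
    for domain in OFFICIAL_DOMAINS:
        if _edit_distance(registrable, domain) <= 1:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; none of these hosts is taken from the article.
    samples = [
        "https://appleid.apple.com/",
        "https://www.icloud.com/find",
        "https://icloud.com.example.net/login",
        "https://appie.com/",
        "https://xn--pple-43d.com/",
        "https://apple.com@evil.example/",
        "https://example.org/",
    ]
    for sample in samples:
        print(f"{classify_login_url(sample):10s} {sample}")
```

The edit-distance threshold is deliberately 1: a looser threshold catches more typosquats but also flags ordinary domains that happen to resemble `apple.com`. A result of `lookalike` is a reason to stop and navigate to the official site manually rather than to enter credentials on the page that was linked.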