Month: September 2017

iPad, iPhone, Mac Book and Apple Watch devices are locked for ransom!

It has come to light from middle of September that there has been attacks on apple devices.

The attack manifests itself as a malicious person getting through the security of users’ icloud account using the “Find My Device” feature.

The malicious person will set a specific device to “lock”, this will enable the iPad, Apple Watch, Mac Book or iPhone to be locked, in theory so a thief can’t access the data and make the device unusable and once you have the device back in the correct persons hand you’ll then input the code to make it all work again.
Except in this circumstance people are seeing a message along the lines for “pay me X.XBTC to address XYZ and I’ll send you a code to unlock”.

The hacked accounts are often users who use the same passwords for different sites, where those sites might have been compromised. It is advisable to change your icloud login details to something else if you are a person who uses the same logins for different sites.


Some people and sites are advising to disable the “find my” device service, but that rather defeats the object of the service. However as some have also pointed out Mat Honan (Journalist) was hacked after a successful attack after someone called the Apple support to change his password with his billing address and his last 4 digits of his credit card. You can read about that below.

How Apple and Amazon Security Flaws Led to My Epic Hacking

Bad emails. Spotting and dealing with them

Bad emails / Malware emails / Scam email

Emails fly about between servers and computers all day, thousands every second around the world are sent. Most of the emails are legitimate. But the email system is open to abuse. There are holes in it.

I categorise bad emails in 2 sections, those with attachments and those who try and get you to download attachments. The 2 examples below are the latter.

Bad emails

How do you know a legitimate email?

Above is an image of what I call a bad email. It’s an email that looks perfectly good, from Dropbox, it even has a no reply email from dropbox. But clicking on the “view file” link will take you off to a website that is unknown. It might be a site that looks like Dropbox, but even by clicking that link the sender of the email will know they have a live email address. This could be the start of a series of targeted emails to gain personal information / money / trust etc.


So how do you tell this is a bad email?

First, think who is this person, Nathaniel Walsh? If you know him, great, but DO NOT assume the file is safe.
Are you expecting an email from him with a statement? If you’re not, give him a call and ask him, it takes 2 minutes! If he has not sent you an email then it could be a scam, his computer or email system could have been breached and you and other people from his address book might have been targets by scammers/hackers.

Also check the links in emails, don’t click on them! But hover your mouse over the link and see where it will take you. If it is a place that isn’t that of the email that has been sent, then it is likely a fraudulent email.

Another example

Bad emails efax

Take a look at this image of an email. You think someone has tried to use 20th century technology in a 21st Century way. You might wonder what it is. But first, do you recognise the caller ID? It is 0151, a quick google shows it is from Liverpool. Are you expecting anything from a company in Liverpool? Do you do business with a company in Liverpool? If you look at what is sent via fax, really only legal documents are faxed these days. There will be the odd occasion when faxes are used, but it is rare and it has been felled by email and pdf documents.

You will also notice the domain the link sends you to is about truck hire Australia, have you hired a truck in Australia from a company in Liverpool?! This is obvious that it is spam or a scam as those 2 situations for myself are untrue.

Again, if you have hired a truck in Australia from a company in Liverpool, give them a call and ask, “have you sent me an efax message?” If they say no, it’s a scam! Maybe it is a coincidence or maybe it’s a specific attack.
If you suspect it is a specific attack attempt then you engage with our security consultation service and we can advise. Contact to consult with us.


If you find yourself with an email and an attachment from either a known person or unknown person then follow the rule of call that person up. Ask them if they’ve sent you an email with an attachment. If they haven’t tell them you have received something from them, they should investigate this and you might need to send the email to their IT team. It’s unlikely to do any damage sitting in your inbox. If you click links or download the file then that is when the damage is done.

Even with files that attached and from a trusted source, that you are expecting you should download the file to a directory (or folder) on your computer and then with modern antivirus software you can run a scan on the file and tell if it is safe. Don’t run the file, even if it is a .docx (document) file or something you’ve trusted in the past.


Emails with attachments

Emails often come to us with an attachment; most modern antivirus software will allow us to scan as the attachment is downloaded. This method is good if you’re using a laptop to download an email. I’ve sometimes been emailed by family members, colleagues or customers who have had some malware infect their computer, only to find I get an email from them with a strange attachment that I was not expecting.

If you have an email like this, the advice is the same as above: call the person and ask them if they’ve actually sent you an email as they might not know they have a problem. If they have then it should be OK, but you should download the email and scan it first with Antivirus anyway!


To summarise:

Identify emails.

Call the person you’ve got the email from.

If you get a bad email:

Don’t click the links, see where the link goes.
Tell the company in question, some of the larger companies especially have teams of people (IT team normally) who deal with SPAM & Bad emails. The company might ask for the email to be forwarded to them.

Scan any downloads with a virus program. I like Avast or AVG (free versions are good)