A couple of weeks back, it was reported that an individual, operating under the pseudonym ‘Oleg Pliss’, was conning iOS device owners in Australia out of hundreds of dollars using a very simple but effective scam using Apple’s Find My iPhone infrastructure. Initially, it was reported that Apple’s iCloud infrastructure had been compromised somewhere along the line, but with the Cupertino outfit having swiftly stepped out and refuted these claims, it now appears that the group behind the well-organized scheme has finally got its comeuppance.
Scams occur all the time on a variety of platforms, and the unscrupulous individuals behind them are resorting to new and cunning ways to swindle money out of their victims. In the case of this incident, which saw compromised devices frozen up with the message “Device locked by Oleg Pliss,” the hackers used a very basic, tried-and-tested trick; using leaked credentials from other breached websites. Even though, with users forced to send between $50 and $100 a time, they probably made a decent amount of money from their crimes, the two-week spree has now come to an end thanks to the long arm of the law.
The users caught out in this case were stung not by having their iCloud accounts intruded into per se, but rather having their Apple IDs and passwords accessed. At the time, it was thought that this could have happened through another website – perhaps a fake site used as a part of the sting – or it might have simply been that the uncanny individuals took advantage of those using very easy-to-guess password patterns.
But now we know, as confirmed by Russian website MKRU, that phishing pages were indeed a major part of the whole fiasco. The two individuals responsible – aged 17 and 23 and both from Russia – have now been apprehended by Russian authorities, and both are said to have stood trial before charged with criminal activity. The hackers were caught on camera withdrawing the ransom money from an ATM, and after an investigation into a crime that also affected Russian users, it seems unlikely that any more iOS users will be graced with the unwelcome presence of one Oleg Pliss.
As a reminder, though, it’s always best to arm yourself with two-step verification, and with passwords, please, PLEASE opt for something difficult to guess.
(Source: MKRU [Google Translate])
You may also like to check out: