Memorandum on what to do if your Apple ID has been hijacked

 My Apple ID has been hijacked.

 Not my Apple ID, but my parent's Apple ID. I had a hard time dealing with it, so I wrote a memorandum.

Index

  • 1 premise
  • 2 situation
  • 3 reasons
  • 4 coping
    • 4.1 Stop payment
    • 4.2 Change the password of the site you are using
    • 4.3 Attempting to reclaim your account
    • 4.4 Unlinking carrier billing
    • 4.5 Recapture the terminal
  • 5 Recovery
    • 5.1 Photos and Contacts
    • 5.2 Game data
    • 5.3 Create a new Apple ID
  • 6 Final damage situation
  • 7 measures
  • 8 Be especially careful when managing your Apple ID

premise

 The devices my parents used were a 2nd generation iPhone SE and a 4th generation iPad Air (Wi-Fi model). The line is contracted with SoftBank, and the contract holder is the author. Management of the Apple ID and other accounts is left entirely to my parents. I am not involved in any of it.

situation

 One day I received an SMS from my parents saying, "I can't log in to my Apple ID." Had they forgotten the password? When I asked them to send me a screenshot, I understood the situation, because the two-step verification screen displayed the last two digits of a phone number that I do not have.

 When I asked about it in detail, the same symptoms occurred on both devices, and I thought, "Oh my God, it's a problem." However, when I heard more about the situation, everything changed: I learned that the linked payment method was carrier billing.

 However, the person in question thought that the author had changed the Apple ID password without permission (I do not know the ID and password in the first place) and just kept asking, "Do something quickly, make sure I can update it." To get them to understand the situation, I gave a shout and explained it in detail. It seems they finally understood, and they were silent for the rest of the call.

reason

 When I asked whether anything came to mind, she said, "I logged in because I received an unfamiliar SMS saying that I had received a package." Well, this is definitely it. Why would you not wonder why an Apple ID is needed for an SMS notifying you that your package is missing? In the first place, logins are usually handled by the iPhone's automatic input, so why did it not appear this time? It's a mystery to me that this was not questioned.

handle

 Now let's actually deal with it. This time, I followed the steps below. Details of each step are described later.

  1. (Carrier) Restrict carrier billing, lower limit, suspend line, unlink with Apple ID
  2. (Card company) Contact the card company to suspend the use of the card and reissue it
  3. (Each) change the password for each service from another device
  4. (Apple) Attempting to recapture Apple ID, ask for future response steps
  5. (Yourself) backing up data, initializing, creating a new Apple ID, restoring the environment

stop paying

 The first thing to do is to stop carrier billing. In the case of SoftBank, if you can log in to MySoftBank, you can restrict the use of carrier billing.

 As an aside, I would like to introduce my family rule. In my opinion, I think it's bad to put restrictions on anything. As much as I do. Because she thinks she has to learn for herself what is wrong and what is right. If I explained the reason for carrier billing, I made an arrangement to pay for it myself.

 Parents, however, are different. Parents are independent and have credit cards. Therefore, the arrangement was to pay by credit card, but apparently the rule was being broken. It's a sad reality that my high-school-age sister can keep the rule but my parents can't.

 End of digression. Well, if I could log in to MySoftBank, I would just have to ask Apple to take care of things at leisure, but I was told, "I don't know the password or login method for MySoftBank," so I decided to have the device mailed to me. I was worried about what might happen in the meantime, so I consulted the shop, and they said, "If you stop the line, carrier billing will also stop," so I agreed to stop the line. By the way, it is said that the MySoftBank password cannot be issued at the shop. I used to think it could, but apparently it no longer can. This means that carrier billing has stopped. Just in case a credit card was also registered, I had the credit card reissued.

Change your password for the site you are using

 If you think about it normally, you may think, "Isn't it enough to change only the password of the hijacked site?" or "Is this a countermeasure for password reuse?" However, in the case of Apple ID, this is a big mistake.

 This is because Apple ID provides a feature called iCloud Keychain, which works like a password manager. As a result, whoever hijacks an Apple ID can access iCloud Keychain and log in to all sites.

 This makes for a very frustrating situation, because the IDs and passwords that were managed in iCloud Keychain have to be changed in a way that temporarily keeps them from being saved automatically. If a new password is saved automatically at this point, it will be dutifully shared with iCloud Keychain.

 On the other hand, it is very difficult to manage the IDs and passwords for all sites on paper or on other devices, so it seems necessary to move them to 1Password or Chrome's password manager. (In the first place, I think anyone who can do this much on their own would not end up in this situation.)

try to reclaim the account

 Contact Apple Support to recover your hijacked Apple ID. However, since the Apple ID has been hijacked, the Apple Support app that I usually use cannot be used. Therefore, it is best to contact them by phone. The contact number is 0120-277-535.

 If you tell support that your Apple ID has been hijacked, they will check the situation and suggest countermeasures, but the answer was, "In this case, the two-step verification has also been stolen, so it is impossible to recapture the account" (summary). Well, I guess so. This means losing all the saved photos, backups, and game data. I don't think they will learn unless they get hurt, so I agreed.

 If an account with two-step authentication is stolen, it cannot be recovered. Remember this well so that you do not have a painful experience. And make sure you don't get caught by a stupid SMS.

Unlinking carrier billing

 Well, if you can't recapture your account, it is unpleasant that the payment method is still tied to it. What to do about this? In the case of SoftBank, the "Apple ID owner" must go to the shop and ask to cancel the carrier billing. It seems that the line's contract holder cannot do it, so be careful. I personally don't like calling people who get caught in such SMS to the shop, but it seems that it can be done if the shop responds to the number corresponding to Apple support. In my case, it was troublesome, so I forcibly disconnected it by transferring to another carrier.

take back the device

 All Apple devices are tied to an Apple ID, so if the Apple ID is stolen, the device stays under Activation Lock and cannot be used even after it is initialized. How do we avoid this?

 When I consulted support, I was guided through the following steps. This is only available if you know your device's passcode. Please note that if you make a mistake in the procedure, you will need to send your device and proof of purchase to Apple, which can take up to 30 days.

  1. Put your iPhone, iPad, etc. into recovery mode
  2. Connect to PC and restore
  3. When you connect to Wi-Fi, there is an indication that activation lock will be applied, so select "Unlock with passcode" below
  4. Enter your passcode to unlock the activation lock.

 If you follow this procedure and initialize, the activation lock will be removed and you will be able to use the device freely. I tried it myself, and the lock was indeed removed and I was able to use the device freely.

restoration

 Now that we have a chance to recapture the device, let's think about the process of recovery.

  1. Do some data rescue before initializing the device
  2. Initialize and unlock activation lock
  3. Make it possible to send and receive mail
  4. Create an Apple ID
  5. Install the app and restore the environment

photos and contacts

 Thinking that this might actually happen someday, before handing over the iPhone I set up automatic backup of photos in two places, iCloud and Google Photos, and set the contacts and email to use Google as the primary system. Spreading the risk is also important. "Wasn't I a genius a few years ago?" I thought. If your parents haven't changed these settings on their own, you should be able to easily save your memories and work data just by logging in.

 In this way, you can not export contacts with iCloud while your Apple ID is hijacked. Also, even if you try to use the application provided by the carrier, the application is not in a state where it can be installed. Is it safe to use suspicious software that connects to a PC and extract data, or export one by one with AirDrop?

game data

 This time, my parents will give up the game data. For the benefit of readers, though, some games offer a way to transfer data without using iCloud (Game Center).

 Since the method differs depending on the game, it cannot be explained in general terms, but many games are designed so that data can be transferred without using an Apple ID, for example by backing up data using Twitter, Facebook, or Google accounts or by issuing transfer codes. For details, please contact the support of each game.

Create a new Apple ID

 Once you've moved the data you want to keep somewhere else, it's time to clean up your iPhone. Release the activation lock by the method introduced earlier and return the iPhone to a brand-new state. If you have multiple devices, you can follow the instructions on the initial settings screen, but if you only have one device, it is better not to log in or create a new Apple ID on the initial settings screen. Skip everything and first get to a state where you can send and receive emails.

 Create a new Apple ID and restore the environment. First of all, I'm going to set up my email environment so that I can receive newly created emails, but I'm stuck with Google login.

 Normally, after logging in with a Google account ID and password, you can easily complete the login using another device with two-step authentication, but in the first place I could not log in with the ID and password I had been told in advance. Even if I tried to reset the password, there was no other device (there are only two devices, an iPhone and an iPad, and the iPad was not logged in, so everything relied on the iPhone), and since the iPhone had been reset first, I could not log in. There is also SMS authentication as the last resort, but I could not receive SMS because the line was stopped. If you do not clear this, you will be stuck at the very beginning, so I applied to resume the line so that SMS could be received.

 After resetting the password, I successfully logged in to the Google account. I was able to create an Apple ID and download the Google-related apps. I was able to confirm that the photos and contact information were properly preserved. Let's call it OK for now.

Final damage situation

 What worries me is the extent of the damage. This was also a hassle.

 I had the various devices sent from my parents' house, and while I was working on them, I noticed that the email address (Yahoo! Japan) that was set for the Apple ID had not been logged in to for more than half a year, and the service had been disabled. In the first place, there was no information about the unauthorized login or how much had been used. I don't get it.

 The Gmail address I prepared as a sub was also left unreceived for more than half a year due to a login error. I can't even see Amazon's purchase notification... Even if it was used illegally, it was not noticed.

 Although the detailed amount was not confirmed, the amount of payment with Apple ID was about 100,000. Please contact your card company and let them deal with this.

 Carrier billing is set to an upper limit of 100,000, so how much was used...? When I logged in to MySoftBank and checked, it was 0 yen. I was relieved for the time being.

measures

  • Don't open links you don't know
  • Do not log in blindly
  • Search for what you don't understand

 Do not open URLs received from unknown users. This is common sense. In the first place, shipping companies do not send SMS in principle, and even if they do, it will only be received as a character string from the driver.

 And don't log in at URLs that come from unknown sources. Make sure the URL is correct. If there really is a notice, many services show it on their top page, so access the service from the top page you usually use. Also, use a password manager or similar tool to log in automatically with biometric authentication. These tools check the URL automatically, and if the site is different from the original, no suggestion is displayed and you will not be able to log in. If you can't log in, suspect the site, not the system.
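 The URL check described above can be sketched as follows. This is an added example, not code from any real password manager; the function name, the saved login and the sample addresses are constructed, and real managers compare registrable domains with the Public Suffix List rather than the simple host rule used here.

```javascript
// Added example: simplified "should a saved login be suggested here?" check.
// All names are hypothetical; the saved login below is constructed sample data.
const savedLogins = [
  { scheme: "https:", host: "appleid.apple.com", username: "parent@example.com" },
];

// Return the saved logins that may be offered on pageUrl ([] means no suggestion).
function suggestionsFor(pageUrl, logins = savedLogins) {
  let url;
  try {
    url = new URL(pageUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return []; // unparsable address: offer nothing
  }
  // url.hostname is where the request really goes: any "user@" prefix is
  // dropped, letter case is folded, and non-ASCII labels become punycode.
  const host = url.hostname.replace(/\.$/, "");
  return logins.filter((login) => {
    if (url.protocol !== login.scheme) return false; // never fill over http
    // Exact host, or a subdomain of it on a dot boundary. A name that merely
    // starts with the saved host does not qualify.
    return host === login.host || host.endsWith("." + login.host);
  });
}

// Constructed addresses: the first is the saved site, the rest only look like it.
const samples = [
  "https://appleid.apple.com/sign-in",
  "https://appleid.apple.com.delivery-notice.example/login",
  "https://appleid.apple.com@delivery-notice.example/login",
  "http://appleid.apple.com/sign-in",
];
for (const address of samples) {
  const offered = suggestionsFor(address).length > 0;
  console.log(offered ? "suggest      " : "no suggestion", address);
}
```

 Only the first address produces a suggestion; on the others the missing suggestion is the warning sign.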

 Read the text. When an error or an unusual case appears, do not click Cancel or Close without reading; read the message and ask "Why can't I log in?" to identify the cause.

 Think. Is it necessary to log in to Apple's account information even though it is an email from a shipping company? I don't think so. That's all.

 It's best to get into the habit of researching things you don't understand. I got an SMS saying my parcel arrived; is that true? Call the shipping company and find out. Did you order anything from Amazon? View your order history. Get in the habit of investigating.

Take special care when managing your Apple ID

 What I realized when the account was stolen this time is that if an account is stolen, almost everything is taken: not only photos and data, but also the IDs and passwords of other sites stored in iCloud Keychain, payment information, and the lock on the device itself. In order not to lose such an important account, do not log in carelessly. Check your information by logging in from the official app or website you usually use.
