Another season… another new scam. The latest thing going around this season is a series of persistent phone calls. The messages make you aware of a compromise to your iCloud account. But it’s not one call, it’s a TON of calls, and the calls may continue to come in for several days. The persistency of the calls may make you wonder, ‘Is this legitimate?’
The answer is ‘No.’ If it were true that your iCloud account had been compromised, Apple would never call to inform you. Apple has way too many customers to keep tabs on every single account. They might send you an email, but even then, it would be months after the compromise had occurred. These things are rarely discovered and reported right away. What lets you know it’s a scam is the sense of urgency and persistence. Scammers love to press your panic button, because they hope panic will bring you to swift action. The faster you move, the less likely you are to calm down and realize the scam before it’s too late. That’s why scam messages always include a sense of great urgency… a telltale red flag! The calls should subside sooner or later, so be patient, ignore the calls, delete the voicemails, and live your life.
Now that we know about this scam, let’s talk about the role that you play in protecting your iCloud account. There’s an easy way to find out if your iCloud account (actually called ‘Apple ID’) is protected. This involves enabling a feature called two-factor authentication, or ‘2FA’. 2FA is triggered when you sign in to your Apple account, either on the Web, or when setting up a new Apple device. 2FA prompts you to enter a 6-digit code in addition to your password. You might receive this code on your phone as a text message, or you might receive it on another Apple device you use as a system pop-up message.
Your password is your first method of authenticating yourself. The 6-digit code is your second factor of authentication. Those codes are one-time use, so no need to save them. I expect many people are familiar with 2FA codes, because anytime you sign in online to your bank or investment account website, you are undoubtedly sent a 2FA code to your phone to authenticate that the person signing in really is you.
2FA adds an extra step for you, but makes it much harder for cyber-criminals to access your account. A criminal might be able to get your password, but it’s not likely they’ll also have access to your phone. If you’ve got 2FA enabled, then you can rest easy and laugh it off when those scam calls come in and make you think your iCloud account has been compromised.
So, how do I enable 2FA? I’m so glad you asked. On your iPhone, open the Settings app, tap [Your Name] at the top, and then tap Password & Security. This screen will tell you if you have 2FA turned On or Off. If it is Off, tap Turn On Two-Factor Authentication, and follow any prompts. That’s it… your Apple account, which includes iCloud, is now protected.
I hear people say that they dislike having to deal with this extra step. I also hear people say that they don’t use the cloud or have anything in the cloud worth protecting. I would bet that most people have more in the cloud than they realize. Consider this – Do you sync your Notes between devices? Do you keep your passwords in your Notes app? Do you see where I’m going with this…? It’s the cloud that syncs your notes between devices. Please don’t keep your passwords in your Notes app, but if you insist, then at least make sure 2FA is enabled!
To those worried about the extra steps that 2FA presents… You do have the choice to leave 2FA turned Off, however once 2FA is turned On, it cannot be turned back Off. For those a little annoyed by 2FA, I will say that you won’t be bothered with it for every sign in. For example, 2FA is not triggered every time you make an iTunes purchase or download an app. You’ll only see it when you setup a new Apple device, or you access your Apple account from the Web. It’s a really good idea to enable 2FA, and I highly recommend it. It should also give everyone peace of mind that your Apple account is protected, especially when the scammers start calling.
It’s a jungle out there. Stay safe. :O)