Hi. So a question about an incident that happened yesterday.
My mom has an iPhone 15. She needed to talk to Apple, so she googled a number and called, you guessed it, a scammer number. The guy had her download from the App Store some VPN “remote assistance” app that was connected to his computer for at least 90 minutes before it was terminated. My mom, suspicious it was a scam, hung up when he started to ask her to do things, but did not delete the app.
When I found out what had transpired I deleted the app.
I’m concerned because I discovered that *despite my best efforts* my mom’s cyber security protections were extremely weak. Namely, she kept pictures of her driver’s license, birth certificate, marriage license, passports and so forth within Photos, and worse, within the Contacts app, she had entries for every website and financial institution (she basically used it as a password manager). The American Express entry, for example, had the card number, the expiration, the 4 digits, the website login and password and the account number.
We’ve already canceled all the cards and I’m migrating her to a password program and making sure that information of that sensitivity is never stored like that again, but I had a few questions:
- Is it possible the scammer took anything? Did he rip the photos or the contacts list? There was no on-screen activity. Could it have happened without seeing any activity?
- Is screen sharing possible with 3rd party VPN apps like that? Could he have seen her information as she navigated through the contacts list?
- Was the goal of the VPN “remote assistance app” instead to be a middle man and intercept future unencrypted data transmissions?
- Having removed the app, is there any risk there could be malware or something else he installed that would be undetected or not seen as an app (or buried, not on a home screen) that would still allow a connection?
- Is there any need to wipe the entire phone?
Thank you for the advice and help!
- Yes, stuff can be done in the background (e.g. file transfers).
- VPN = Virtual Private Network. What you said sounds like a RAT (Remote Access / Admin Tool) like AnyDesk, VNC Viewer or TeamViewer.
- It was most likely used to steal passwords, banking details, photos etc.
- Once the session is terminated there should be no further access. A zero-day exploit is possible but not likely, especially if the iPhone is up to date.
- Probably not unless you feel it’s the best course of action, whatever they took has already been taken. You can do a malware scan. Changing all passwords is a great idea and should be enough.
I’d suggest teaching her how to spot scams properly.
Not an expert here, but some things to consider. iPhone has less malware because it is well protected by default. If she installs a VPN profile, all traffic can go through a malicious VPN that could steal information. There is no antivirus iOS app, but some Mac/Windows apps can scan a connected iPhone (backup), e.g. iMazing.
Thank you for the reply. I looked and the tool used was Imperius Remote Desktop.
Just checked, it’s definitely a RAT.
Definitely do a virus / malware scan but my assumption is that there’s nothing left.
Thanks for checking! Do you have any malware scan suggestions for an iPhone? Things like Malwarebytes and Avast looked more like VPN and account monitoring service bait than scanners.
Honestly not sure because I haven’t used Apple since the 13 Pro Max, but someone else suggested iMazing.
Looked it up and I do remember it, pretty sure I used it way back with the iPhone 4 - 8 for backing up my phone.
If possible, I’d use it only offline (e.g. block its incoming and outgoing connections) just to be safe.
Apple’s security is pretty good. So unless the phone is jailbroken and the default password wasn’t changed, I highly doubt anything was left behind.