You’re casually browsing your email inbox on your iPhone and because you’re clicking before thinking, it led you to accidentally opening an email that initially looks legit. However, upon closer inspection, you now suspect that it’s a malicious email.
Maybe you clicked on it (or maybe not) and you’re worried about whether this random mistake will be the gateway to your phone being hacked. You’re probably losing sleep for fear that your online banking and money transfer apps will be compromised, your social media accounts will be at risk, or maybe your unfiltered selfies will be released to the world.
But wait… should you be worried? Since you have an iPhone, which is supposed to be very secure, then this should not be a problem, right? Can you really get viruses and malware on your iPhone because you clicked on a spam email or perhaps opened a suspicious website?
In this article, we will talk about how spam and phishing emails work and if iPhones are vulnerable to these kinds of attacks. We will also discuss some tips on how you can protect your phone from malware and what to do if you feel that your phone has been compromised.
How Spam and Phishing Emails Work
Over 300 billion emails are being sent every single day. Of course, not all of these emails are important or require a response. Many emails are spam or junk emails, which are unsolicited email messages that are sent in bulk to mass recipients as a marketing or promotional tool. In March 2020, spam messages reportedly accounted for 53.95% of email traffic worldwide.
While there are harmless spam emails sent by companies wanting to advertise their products, there are also malicious unwanted emails designed to steal user data such as username, passwords, credit card numbers, etc. These emails are popularly known as phishing emails.
So how do phishing emails work? Phishing emails are typically disguised as emails from genuine companies or organizations so it is not unusual for an average user to think they are legitimate messages. The goal is for the user to open the email and take action as instructed by the email. But phishing is not only limited to emails as you can also get phishing messages through text (SMS), or through other messaging applications.
The action required by a phishing email would typically be to click a link to “verify” a user’s information by entering personal details or financial information. Sometimes, a phishing email will not even require you to do anything but download an attachment. Many phishing emails also have “clickbait” subjects that are either panic-inducing, scandalous, or intriguing to incite the user to click or open the email. Once the user falls for this trap, the hackers will be able to hijack the person’s device to steal their credentials or data.
Phishing is an increasing problem not only for businesses but also for many individuals. What many people do not realize is that the majority of malware is sent through email. The 2020 Verizon Data Breach Investigation Report found that credential theft and social attacks, which include phishing and business email compromise, cause 67% of the data breaches that took place in the past year.
I have an iPhone, Can I Get Hacked by Opening a Phishing Email?
The iPhone uses a unique operating system called iOS. Created by Apple, this operating system was marketed to be more secure than other mobile operating systems. Because of this, many iPhone users have a false sense of security that it is impossible for their iPhones to be hacked.
If you search online “Can you get a virus from opening an email on your iPhone?”, you will find user forums saying that it is rare for this to happen. However, more recent events proved this to be untrue.
So, can iPhones get viruses or malware?
Yes, iPhones can be vulnerable to malware attacks and these can lead to data theft.
One of the most popular iPhone hacks that shocked the world was when the iPhone X of Amazon founder Jeff Bezos was hacked. In January 2020, it was announced that a forensic study of Bezos’ iPhone revealed that the hack was caused by a video that was sent in 2018 through WhatsApp. This video had a code of malware that gave the hackers access to Bezos’ texts and photos. So, if the iPhone of the wealthiest man in the world can be hacked, then it is not impossible for an average user to also fall victim to these attacks.
Another finding that challenged the security of iPhones was raised by cybersecurity firm ZecOps. According to the ZecOps report released in April 2020, the iPhone’s default Mail app is vulnerable to hackers due to bugs (error or flaw in a software). The firm said that they noticed suspicious activity in the Mail app dating back to 2018 and after investigation, they found that an iPhone could be vulnerable if the user just opens the email on the app – even without clicking anything.
Unlike other phishing emails that require you to click a link or enter some information, the email that ZecOps encountered was an empty message. Once you open this message, it will cause the iPhone to crash so you would need to reboot. The hackers will reportedly get access to your phone during the reboot and could take control of your device. ZecOps disclosed that this type of email hack victimized at least six high-profile individuals.
What to do if you accidentally opened a phishing email on your iPhone
If you accidentally opened a phishing or spam email on your phone, your next steps will depend on the action that you took. Did you just open the email or did you click on it? Did you download an attachment? Did you actually enter any personal details like your username, email address, verification code, phone number, financial information, etc.?
If you just opened the phishing or spam email by mistake without clicking anything:
You’re probably wondering the steps involved in how to scan your iPhone for malware. If you are not sure whether your iPhone is compromised, follow the steps below.
- Check your phone for unfamiliar apps or downloads that happened recently.
- Delete these apps or downloads if you do not recall downloading or using them.
- Turn off background app refresh to minimize the risk of unwanted apps running without your action required. This will also save battery life.
- Change your passwords on your online and financial accounts linked to your iPhone.
- Monitor your phone for any change like apps not working properly or battery draining easily.
- If you see any of these phone issues, you can back up your data and do a factory reset on your iPhone. This will wipe all of the data on your phone. Be careful about restoring your backup again as your files may have been compromised already. If you used a backup and the same problem occurs, do another factory reset and download your apps again.
- Always update to the latest iOS version and latest apps because the newer versions usually fix any detected security bugs.
If you opened a phishing email and clicked on a link or downloaded an attachment:
- If you downloaded an attachment, immediately delete it from your phone.
- If you clicked on a link that redirected you to another website, close the website.
- As an added protection, wipe off the history of your browser on Chrome or Safari.
- Change your passwords in your online and financial accounts linked to your iPhone.
- Monitor your phone for any change like apps not working properly or battery draining easily then do a factory reset process if necessary.
If you opened a phishing email, clicked on a link, and took action by entering your financial details or login credentials:
Hackers often send phishing emails disguised as emails from banks or other companies requiring you to verify your financial information. Some emails will even look like a warning that your account has been compromised so you need to take immediate action by following the steps indicated. However, these are often phishing emails created to gain access to your financial accounts.
- Change your passwords immediately on your financial accounts on your iPhone.
- Change your passwords on social media and other online accounts that may be linked to your Apple Pay, PayPal, or other money apps.
- Contact your bank or credit card provider to inform them of the possible breach. If you inform them as soon as possible, they could stop suspicious transactions from taking place.
- Regularly monitor your banking activity in the next few weeks to see whether there are suspicious transactions taking place. You can ask the bank to send you text notifications for any purchase so it will be easier for you to review any transaction. Be wary of small amount transactions because sometimes hackers will charge very small unnoticeable amounts like $1 to $2 repeatedly so you won’t notice but eventually this could add up.
If you opened a phishing email, clicked on a link, and took action by giving away personal details:
Some phishing emails are designed to dupe you into giving private personal information such as your full name, birth date, social security number, complete address, etc. Once the hackers gain your personal information, they can use this to perform fraudulent acts like get into your financial accounts or commit identity theft.
- If you’re worried that your Social Security Number is compromised, you can go to my Social Security webpage to check your account for any inconsistencies. You can also check our complete guide on “How to check if someone is using my Social Security Number for employment”.
- If you gave away your personal information and you are worried that you could be a victim of identity theft, you can go to identitytheft.gov, the U.S. government’s online portal where you can report such crimes.
Protect your iPhone from phishing emails and malware
In this day and age, no piece of technology is safe from malicious attacks- and that includes your iPhone. It is very important to protect your phone and yourself from being a victim of malware and phishing emails by always being wary of the messages you’re receiving. Avoid opening or clicking on links in emails and messages from unknown sources. This will greatly minimize the risk of falling victim to a malware attack. You can also install antivirus apps for IPhones that can warn you in case there are any suspicious attacks.