The “Locket Gold upgrade” scam is a sophisticated form of online extortion that exploits users’ gullibility and lack of understanding of security procedures. Users should be vigilant and only use services from reputable sources to protect their personal information and assets.

Sophisticated scam

Locket is a popular app that allows users to share images directly to their friends' home screens as widgets. Taking advantage of its popularity, scammers have advertised cheap "Locket Gold" packages on social networks, attracting users with prices ranging from only 5,000 to 40,000 VND.



Many posts on social media offer to buy Locket Gold. (Photo: Tien Phong)

After purchasing the upgrade, users are prompted to log into a different iCloud account instead of logging into the App Store to use Locket Gold. The scammer then locks the iCloud account the victim is logged into, preventing the victim from accessing and using their device. To regain access, the victim is forced to pay the scammers more money to unlock the iCloud account.

Being locked out of iCloud not only puts users at risk of losing control of their devices, but also puts them at risk of having their personal and financial data stolen. Fraudsters can gain access to all information stored in their iCloud accounts, including photos, videos , messages, emails, contacts, passwords, and other sensitive data.

Female student T (Cau Giay, Hanoi ) said she transferred 60,000 VND to buy "Locket Gold for permanent use", but just a few minutes later, her phone was completely locked. The scammer asked her to transfer nearly 10 million VND to unlock it. This amount was the money her mother had just sent to pay her tuition.

A male student in Hanoi shared on a forum: "I thought it would only cost 50K to try Locket Gold, but unexpectedly my phone was locked and they asked for 8 million VND to unlock iCloud."

Recommendations for users

Mr. Vu Ngoc Son, Head of Technology Department of the National Cyber ​​Security Association, said that according to Apple's design, the person holding the iCloud account is the legal owner of the device. Therefore, when this account falls into the wrong hands, they can completely lock the device remotely, and at that time, the user has almost no way to unlock it again. Using tricks to unlock iCloud also has many potential risks.

Mr. Son also noted that users need to be extremely vigilant against invitations to upgrade applications at unusually low prices. In particular, they should absolutely not log into a stranger's iCloud account on their device to avoid the risk of losing control, financial damage and loss of personal data.

Apple representative in Vietnam confirmed: "There is no way Locket Gold is pre-installed via iCloud account. All application upgrades must be done via App Store."

Cybersecurity units have received a number of complaints related to this fraud. In cases of fraud or detecting signs of fraud, users should report to the authorities for guidance on tracing, legal support and timely prevention.

Speaking to reporters of the Knowledge and Life Newspaper , lawyer Nguyen Ngoc Hung - Head of the Ket Noi Law Office (Hanoi Bar Association) said that this is a completely new and sophisticated trick and iPhone users are now a lucrative "prey" for high-tech criminals. The act of stealing iCloud accounts, causing the iPhone to be disabled and the criminals demanding ransom to unlock it is not only a common violation of the law but can constitute a serious crime under the Vietnamese Penal Code. According to Clause 1, Article 3 of Decree 25/2014/ND-CP, crimes using high technology are socially dangerous acts prescribed in the Penal Code using high technology. High-tech crimes are currently classified into the group of crimes in the field of information technology and telecommunications networks from Articles 285 to 294 of the Penal Code 2015 (amended and supplemented in 2017).

Lawyer Nguyen Ngoc Hung - Head of Ket Noi Law Office (Hanoi Bar Association).

Specifically, according to the provisions of Article 289 of the Penal Code on the Crime of illegally accessing another person's computer network, telecommunications network or electronic device, anyone who intentionally bypasses warnings, access codes, firewalls, uses another person's administrative rights or by other means illegally accesses another person's computer network, telecommunications network or electronic device to take control; interferes with the functioning of electronic devices; steals, changes, destroys, falsifies data or illegally uses services will be fined from VND 50,000,000 to VND 300,000,000 or imprisoned from 01 year to a maximum of 12 years. Offenders may also be fined from VND 5,000,000 to VND 50,000,000, banned from holding positions, practicing a profession or doing certain jobs from 01 year to 05 years.

Or in Article 290 of the 2015 Penal Code (amended and supplemented in 2017), it is stipulated that the crime of using computer networks, telecommunications networks, and electronic means to commit acts of property appropriation can be punished with non-custodial reform for up to 03 years or imprisonment from 06 months to 20 years. At the same time, the offender can also be fined from 20,000,000 VND to 100,000,000 VND, banned from holding positions, practicing a profession or doing certain jobs from 01 year to 05 years or have part or all of his/her property confiscated.

In addition, Decree 25/2014/ND-CP also defines other violations of the law using high technology as violations of the law using high technology but not to the extent of criminal prosecution. Violators of regulations on using the network to appropriate property may be subject to administrative penalties according to Article 81 of Decree 15/2020/ND-CP from VND 30,000,000 to VND 100,000,000. In addition to fines, violators may also be subject to additional penalties such as confiscation of exhibits and means of administrative violation for violations specified in Clause 2, Article 81 of Decree 15/2020/ND-CP.

Thus, for the theft of iCloud accounts that cause iPhones to be disabled and the criminals demand ransom to unlock them, depending on the behavior, nature, level, and specific circumstances of the crime, they will be handled in different forms, fines, and levels of treatment.

Recovering ransom money after it has been transferred to criminals is often difficult because transactions mainly take place through virtual accounts and e-wallets with unclear user identities. Criminals often use fake information, cross borders or change their identities immediately after receiving money to avoid detection. However, if the victim promptly reports to the police and provides full evidence such as transfer history, text messages demanding money, and fraudulent emails, the investigation agency is able to trace and verify the origin of these funds. In some special cases, thanks to professional measures, the authorities can recover part of the stolen assets, contributing to limiting damage to the victim. Therefore, the victim in this case should immediately report the incident to the police for support and handling in accordance with the provisions of law.

Common mistakes that users often make:

Be gullible when receiving gifts or money through strange apps or links, especially when shared by acquaintances (who may have been hacked).

Logging in to an Apple ID (iCloud) in a strange app is extremely dangerous because criminals can use the Find My iPhone feature to remotely lock the device and demand ransom (ransomware).

Lack of basic security knowledge such as two-factor authentication (2FA) or checking the origin of an application before installing.

How to protect yourself:

Never log in to your Apple ID with any application of unknown origin.

Always enable two-factor authentication (2FA) for your Apple, Gmail, Facebook… accounts to increase security.

Do not install apps via strange links – only download from the official App Store or Google Play.

Be wary of offers to win prizes, receive money, or receive unexpected gifts on social media or in private messages.

In addition, users can equip themselves with more knowledge about network security through nca.org.vn and chongluadao.vn - which provide tools to check fraudulent links and provide early warnings about spreading tricks.

According to cybersecurity expert Ngo Minh Hieu

Source: https://khoahocdoisong.vn/chieu-lua-nang-cap-locket-gold-mat-icloud-mat-luon-ca-tien-post1545373.html