Clicked on a fake TikTok Link in Facebook

So, I was duped and clicked on a link that turned out to be a fake while on my iPad Pro 12.5. I disconnected the device from the internet and powered off. I am now using another device to change all my passwords. What do I do next with the iPad I was using when I clicked the fake link?

iPad Pro, iPadOS 16

Posted on Jun 29, 2023 8:16 AM

Question marked as Top-ranking reply

Posted on Jun 29, 2023 9:48 AM

Clicking a bad-link isn’t necessarily a cause for immediate concern. If you have any worries, changing your account Passwords and AppleID Password is always a sensible precaution. Katana-San has already provided a link to a resource that describes steps that you should take if you suspect compromise of your AppleID.


Did you respond to any popup messages - or reveal any personal or sensitive information? If not - and you closed the pop-up or browser window, it is very unlikely that your iPad will have come to any harm.


Providing your iPad has been kept up-to-date with system software updates (iPadOS 16.5.1 being current), you should not be overly concerned for your iPad being directly compromised by malware. For older devices, no longer benefiting from regular security updates, or those that are not kept up to date when system software updates are available, the risk of an unpatched vulnerability being exploited increases. 


There are useful steps that you can take to reduce the risk of encountering malicious websites and/or potential exploits. You should note that there are no AntiVirus products available for iOS/iPadOS; neither is it possible to “scan” the filesystem for malware. The sandboxed security architecture prevents both malware and AV scanning Apps from accessing any data beyond their own reserved memory space and file storage.



Threat Mitigation


The majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email or other messaging platforms. Browser-based attacks can be largely and successfully mitigated by installing a good Content and Ad-blocking product. One of the most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. The 1Blocker product has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker have introduced additional network extensions, extending protection to other Apps.


A further way to improve protection from exploits is to use a security-focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:


Quad9 (recommended): 9.9.9.9, 149.112.112.112, 2620:fe::fe, 2620:fe::9

OpenDNS: 208.67.222.222, 208.67.220.220, 2620:119:35::35, 2620:119:53::53

Cloudflare: 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001



Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other reputable Content Blocker, provides defence in depth.


There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC). Apple has recently introduced its new Private Relay to its iCloud+ subscribers - in part employing ODoH (a variant of DoH) as an element of this new functionality. If you have subscribed to iCloud+, and have a device capable of running iOS/iPadOS 15.x or later, this feature is included. 





12 replies
Jun 29, 2023 8:19 AM in response to JennyLucyValentina

If you believe that your iPad Pro may have been compromised after clicking on a fake link, here are some steps you can take to mitigate the potential risks:


1. Disconnect from the internet: You've already taken this step by disconnecting the affected iPad from the internet, which helps prevent further potential communication with malicious actors or systems.


2. Power off the device: By powering off the iPad, you reduce the chances of any ongoing malicious activity.


3. Clear browsing data: If you were using a web browser when you clicked the fake link, clear your browsing history, cache, and cookies. This helps remove any stored data that may be related to the fake website or link.


4. Reset network settings: To ensure any potential network configurations or connections set up by the malicious link are removed, you can reset the network settings on your iPad. Go to Settings > General > Reset > Reset Network Settings. Keep in mind that this will remove saved Wi-Fi networks and passwords, so you'll need to re-enter them afterward.


5. Update your iPad's software: Once you have taken the above precautions, ensure that your iPad is running the latest available software version. Regular software updates often include security patches and bug fixes that can help protect your device from known vulnerabilities.


6. Run a security scan: Consider using a trusted security app or antivirus software to scan your iPad for any potential malware or security threats. There are several reputable options available in the App Store.


7. Be cautious moving forward: Learn from the incident and be cautious when clicking on links or visiting unfamiliar websites in the future. Avoid clicking on suspicious or unsolicited links, and always verify the legitimacy of websites before entering any sensitive information.

Jun 29, 2023 12:46 PM in response to Horlarbordeyjohn

Horlarbordeyjohn wrote:

6. Run a security scan: Consider using a trusted security app or antivirus software to scan your iPad for any potential malware or security threats. There are several reputable options available in the App Store.

Owing to the sandboxed nature of iOS, there are no apps that can scan an iPad. So, I'm really not sure what "reputable options" you're referring to.
