Have you recently lost your iPhone or had it stolen? If so, then you should be aware of some phishing attacks that crop up after the fact.
The schemes are specifically designed to steal your Apple login credentials so the thieves can take full control of your phone.
Case in point, a strange tale posted on KrebsOnSecurity.com this week. After a woman’s iPhone was stolen in Brazil, robbers tried to phish her husband via texted links.
Here are the details: Three robbers nabbed a woman’s iPhone 5s during the daytime in Porto Alegre. Soon after, the Find My iPhone app showed her phone in a nearby city.
Her husband, Edu Rabin, then texted the phone and offered to buy it back.
The next day, he started receiving messages notifying him that the phone had been found and a link described as “a URL to reach it.”
The whole story is detailed on the post, complete with screenshots of the texts and the phishing website meant to look just like the Brazilian version of Apple’s sign-in page.
Rabin was smart and didn’t fall for the scam, but folks who are less savvy when it comes to such things easily could.
At that point, Rabin thought the scammers had given up. They hadn’t. He got an auto call two days later with a strange Siri-like voice.
“It came from a strange number and a voice sounding like Siri or the [Google] Waze voice, informing me that my iPhone had been found and to look for my SMS for more info,” Rabin is quoted in the KrebsOnSecurity post.
This isn’t the first report of an elaborate phishing scam following the theft of your iPhone.
Another Real-Life Story
Joonas Kiminki, the CEO of Wunder, a European digital agency, detailed what happened to him after his iPhone was stolen in Turin, Italy.
“I immediately did the obvious things, i.e. used my wife’s phone to call mine (as expected, it was powered off), marked the phone lost in Find my iPhone app, entered a text to display on the phone in case it ever returns online, clicked all the ‘send me email when the phone returns online’ checkboxes and drove for lunch. Nobody could access my data on the phone and since it’s connected to my iCloud account, others can’t reactivate the phone for themselves.”
Eleven days later, he got a text message and an email saying his phone had been found.
The email, which Kiminki provides a screenshot of, “looks exactly like an Apple email should. The sender is ‘Apple.’ Google Inbox, Apple Mail and the traditional Gmail all let the email pass as non-suspicious. All the links in the footer lead to the right places.”
At first, he was elated. He rushed to the address and started typing in his credentials.
Then he felt that something was “just not right.” He looked closer and realized two things: the address wasn’t from Apple (email@example.com) and the connection to the server wasn’t encrypted.
So why the elaborate ruse?
The thieves can’t activate an iPhone or any iOS device when it’s connected to someone’s iCloud account. This scam allows them to unlock the phone. What stood out to Kiminki is how professional everything looked.
“The email and the website content looked great, my phone really was an iPhone 6 and they even got the timezone right in the email.
“The email raised no alerts on any email client I use, including Google Inbox, mail.google.com and Apple Mail. No web browser, mobile or desktop, show any alarms on the fake site. Google.com knows virtually nothing about the site, the email address or the (probably fake) U.S. phone number the SMS was from. Very well done.”
The takeaways from both stories are clear: if you lose or have your iAnything stolen, be extra alert to upcoming identity theft attempts.
Are you covered for identity theft?