April 29, 2018

iPhone just stolen? You might give the thief your Apple ID password trying to get it back

It probably doesn’t need to be spelled out: If your iPhone gets stolen, giving the thief your Apple ID credentials is a very, very bad idea. Nevertheless, a good friend of mine recently had their iPhone stolen here in Lusaka, and when the thief a few days later asked for the Apple ID and password, they promptly gave it to him, allowing him to just as promptly disable Find My iPhone on the stolen iPhone. There were no threats involved, in fact they never even spoke. How could that happen?

By an extremely clever con. As my friend updated me and I saw how it unfolded, I cannot swear I would not have fallen for it myself, despite being an appropriately security-paranoid IT head. Read on to make sure it doesn’t happen to you.

When doing the right thing primes you for doing the wrong thing

So what do you do when your iPhone gets lost or stolen? At the first gut-wrenching panic, your instinct is probably to load up Find My iPhone and wipe it, if possible.

Once you have thought for a moment, however, you might realise… maybe you could get it back? Find My iPhone is activated on it, which means it is locked to your iCloud/Apple ID account and cannot be reactivated. So it has pretty limited value for the thieves; they cannot use it, nor resell it for anything close to retail value. And they cannot get into it.

So it might be better to use Find My iPhone to put it into lost mode. This will just lock it into a screen that shows your phone number and a message of your choice. You could even offer a reward for its return, no questions asked. Offering money to the thief sucks, but you might get your iPhone with your pictures back, and the thief might get just as much from the reward as he would get selling it.

Lost mode is the way to go for a stolen iPhone. Wipe was more appropriate in the past when it was easier to break into an iPhone.

This is exactly what I would do, and what I have done for clients, and it is what my friend did as well.

The heist

Lost mode will only activate if and when the iPhone comes back online, and that will only happen if the iPhone is on and there is either a SIM card inside with data on it or it connects to a wifi network. When that happens, you will be notified by Apple that it has been located.

And that is what seemed to be happening for my friend. A couple days after it was stolen, he received a text message on his phone, alerting him that the iPhone had been located, with a link to open to see where it was on a map. The link led to a Find My iPhone login page, and after typing in his Apple ID credentials, a map displayed which showed him that the iPhone was active… at a specific place in South Africa!

 

Would you have stopped to ponder, had you received the above message, and then seen the log in page to the right, above? Remember that in such a situation you are highly primed, meaning you very much hope for, and want, such a message to come from Apple. You are in exactly the right frame of mind to accept and proceed. Apart from the technical savviness of the above, this is the prime psychological mechanism the thieves employ.

An actual “found” message from Apple looks like this – and arrives by email

In case it hasn’t clicked yet: The above message is not from Apple, and the link and page it leads to are not from Apple. Both are from the thieves themselves, and are the bait they use once they see the phone number you displayed by putting your iPhone in lost mode. They take down the number, and send the above message to it, then wait and hope you click on the link.

You will notice a couple of things about the message, if you look closely: The phone number is from South Africa. And the URL shown is not from Apple (if you know how URLs work). But here in Zambia I think we have become used to getting messages from even big companies from foreign numbers, so that probably doesn’t ring an alarm bell (the gang is probably SA based). And it is easy to overlook the URL problem too; I know I didn’t react at first. There is also a badly constructed sentence in the message, but again this is easy to overlook because you will focus on the link.
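To make the "how URLs work" point concrete, here is an added example (not part of the original post) that extracts the host a link really leads to and checks it against Apple's domains. The allow-list of `apple.com` and `icloud.com` is an assumption, and the sample links are constructed on reserved `.example` names, not taken from the message my friend received.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains Apple uses for Apple ID and iCloud / Find My sign-in.
APPLE_DOMAINS = ("apple.com", "icloud.com")


def real_host(url: str) -> str:
    """Return the host the browser would actually connect to ('' if unparseable)."""
    # Links in text messages often omit the scheme; add one so the parser
    # treats the first component as the host rather than as a path.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    # .hostname drops any "user@" prefix and the port, which is where
    # look-alike links like to park a familiar name.
    return (parts.hostname or "").rstrip(".").lower()


def is_apple_link(url: str) -> bool:
    """True only for an https link whose host is an Apple domain or a subdomain of one."""
    if url.lower().startswith("http://"):
        return False  # a sign-in page is never served over plain http
    host = real_host(url)
    # The host is read right to left: it must BE the domain or END in ".domain".
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


# Constructed sample links, each showing one way a URL can look right and be wrong.
SAMPLES = [
    "https://www.icloud.com/find",                   # genuine
    "icloud.com/find",                               # genuine, scheme omitted
    "https://icloud.com.find-device.example/login",  # Apple name is only a subdomain label
    "https://www.icloud.com@locate.example/map",     # Apple name is only the userinfo part
    "https://find-my-icloud.example/",               # Apple name inside another domain
    "https://notapple.com/",                         # ends in "apple.com" but is a different domain
    "http://www.icloud.com/find",                    # right host, no TLS
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{'OK ' if is_apple_link(link) else 'NO '} {real_host(link):35} {link}")
```

The deciding part of a URL is the end of the host name, just before the first single slash; anything to the left of it, or before an `@`, can be chosen freely by whoever registered the domain.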

Of course, once you enter your iCloud username and password in the linked-to page, the trap is sprung and it’s game over. The thieves have your credentials and can now easily disable Find My iPhone and also iCloud-unlock the iPhone so that it can be wiped and set up as a new iPhone. Boom! iPhone gone for good.

Yes, they still cannot get at your iPhone contents, but that is a small consolation. The only good news I can offer is that if you have read this, you will not fall for this trick.

One thought on “iPhone just stolen? You might give the thief your Apple ID password trying to get it back”

  1. Good article. Very informative. It made me very interested to learn more about how to set up the “lost” message. Thanks
