April 29, 2018 iPhone just stolen? You might give the thief your Apple ID password trying to get it back

iPhone just stolen? You might give the thief your Apple ID password trying to get it back

It probably doesn’t need to be spelled out: If your iPhone gets stolen, giving the thief your Apple ID credentials is a very, very bad idea. Nevertheless, a good friend of mine recently had their iPhone stolen here in Lusaka, and when the thief a few days later asked for the Apple ID and password, they promptly gave it to him, allowing him to just as promptly disable Find My iPhone on the stolen iPhone. There were no threats involved, in fact they never even spoke. How could that happen?

By an extremely clever con, and as my friend updated me and I saw how it unfolded, I can not swear I would not have fallen for it myself, despite being an appropriately security-paranoid IT head. Read on to make sure it doesn’t happen to you.

When doing the right thing primes you for doing the wrong thing

So what do you do when your iPhone gets lost or stolen? At the first gut-wrenching panic, your instinct is probably to load up Find My iPhone and wipe it, if possible.

Once you have thought a moment you might however realise…. maybe you could get it back? Find My iPhone is activated on it, which means it is locked to your iCloud/Apple ID account and cannot be reactivated. So it has pretty limited value for the thieves; they cannot use it, nor resell it for anything close to retail value. And they cannot get into it.

So it might be better to use Find My iPhone to put it into lost mode. This will just lock it into a screen that shows your phone number and a message of your choice. You could even offer a reward for its return, no question asked. Offering money to the thief sucks, but you might get your iPhone with your pictures back, and the thief might get just as much for the reward as he will get selling it.

Lost mode is the way to go for a stolen iPhone. Wipe was more appropriate in the past when it was easier to break into an iPhone

This is exactly what I would do, and what I have done for clients, and it is what my friend did as well.

The heist

Lost mode will only activate if and when the iPhone comes back online, and that will only happen if the iPhone is on and there is either a SIM card inside with data on it or it connects to a wifi network. When that happens, you will be notified by Apple that it has been located.

And that is what seemed to be happening for my friend. A couple days after it was stolen, he received a text message on his phone, alerting him that the iPhone had been located, with a link to open to see where it was on a map. The link led to a Find My iPhone login page, and after typing in his Apple ID credentials, a map displayed which showed him that the iPhone was active… at a specific place in South Africa!

 

Would you have stopped to ponder, had you received the above message, and then seen the log in page to the right, above? Remember that in such a situation you are highly primed, meaning you very much hope and want, for such a message to come from Apple. You are in exactly the right frame of mind to accept and proceed. Apart from the technical savviness of the above, this is the prime psychological mechanism the thieves employ.

An actual “found” message from Apple looks like this – and arrives by email

In case it hasn’t clicked yet: The above message is not from Apple, and the link and page it leads to are not from Apple. Both are from the thieves themselves, and is the bait used, once the thieves see your phone number deployed by you by putting your iPhone in lost mode. They take down the number, and send the above message to it, then wait and hope you click on the link.

You will notice a couple of things about the message, if you look closely: The phone number is from South Africa. And the URL shown is not from Apple (if you know how URLs work). But here in Zambia I think we have become used to getting messages from even big companies from foreign numbers, so that probably doesn’t ring an alarm bell (the gang is probably SA based). And it is easy to overlook the URL problem too, I know I didn’t react at first. There is also a badly constructed sentence in the message, but again this is easy to overlook because you will focus on the link.

Of course, once you enter your iCloud username and password in the linked-to page, the trap is sprung and it’s game over. The thieves have your credentials and can now easily disable Find My iPhone and also iCloud-unlock the iPhone so that it can be wiped and sat up as a new iPhone. Boom! iPhone gone for good.

Yes, they still cannot get at your iPhone contents, but that is a small consolation. The only good news I can offer is that if you have read this, you will not fall for this trick.

5 thoughts on “iPhone just stolen? You might give the thief your Apple ID password trying to get it back

  1. Good article. Very informative. It made me very interested to learn more about how to set up the “lost” message. Thanks

  2. Thanks on your marvelous posting! I quite enjoyed reading it, you could be a great author.I will make certain to bookmark your blog and will often come back in the foreseeable future. I want to encourage you to ultimately continue your great work, have a nice afternoon!

  3. Good day! I simply wish to give you a huge thumbs up for the great
    info you’ve got here on this post. I’ll be returning to your web site for
    more soon.

  4. Unfortunately just fell for this. Exactly as described above only that the purported iPhone support site we were directed to was icloud.service.com-sms.support.com (or something similar). They obviously prey on the excitement factor having lost a very personal and expensive item and suddenly feeling the prospect of getting it returned. In our case stolen at a concert so should have known better but when message was received thought perhaps it fell on the floor and was ultimately found. Realized our error after 2 attempts to log in did not work. Immediately attempted to sign in at Apple directly and, of course, it worked. Called Apple and realized (as already knew but ignored with our excitement) that Apple, like all banks, will not ask you to reply to a link but will call you or ask you to call. Within a 10 minute span it seems they cleared the phone from the iPhone account, shows in devices but no longer in find-my-iphone. In hindsight knowing it was stolen, should have perhaps just wiped the phone with find-my- iphone but from what I have read, this basically gives the thief a clean phone. Ultimately perhaps that is better than thinking they now have access to personal info on the phone. Although from the last line of your article, am I correct in understanding that they don’t get access to this info.? Seems incorrect but I would be happy to learn otherwise. We have changed the password but Apple advised against changing the user ID? Checked the CTIA IEMI stolen registry and it shows as stolen which is of some comfort. Thank you for putting this article together, we should all continue to share these stories and information in hope of helping others avoid these scams.

    1. Thanks for this feedback, much appreciated! As for the line about not getting to the contents of your iPhone, we think there is no way to get into your iPhone as it is, with your contents, without your passcode or fingerprint, even if the thieves have the user’s iCloud credentials. Yes it might be possible to get to the contents stored on iCloud, but not on the iPhone. Apple’s support article seems to confirm this: https://support.apple.com/en-us/HT204306
      So the thieves’s only option is to wipe and restore the iPhone.

Leave a Reply

Your email address will not be published. Required fields are marked *