3 min read

Lost your iPhone? Be on guard for a perfectly-timed Apple ID phishing attack

Graham CLULEY

August 02, 2016

Lost your iPhone? Be on guard for a perfectly-timed Apple ID phishing attack

It’s happened to me, and chances are that it’s happened to you too.

When you lose your smartphone you can feel desperate for its safe return. Not only is it often an expensive piece of hardware, but it’s the essential tool that connects you to your online life and keeps you in contact with your friends, work colleagues and family.

But perhaps most important of all – it’s the device that logs you into countless accounts, make purchases from, and maybe even use for banking online.

Losing a phone isn’t just an inconvenience, it can be a potential stepping stone for having your identity stolen.

So the good news is that modern devices like iPhones come with powerful security features that can not only lock out unauthorised users, but also actually help you remotely wipe or even (if you’re lucky) reunite you with your lost device.

So when Joonas Kiminki lost his iPhone, he did what any sensible chap would do – he marked his device as “lost” with “Find my iPhone”, happy in the knowledge that it would prevent someone else from reactivating his iPhone and that nobody would be able to access his data.

As Kiminki describes in a blog post, a week and a half went past with no report of his iPhone being found.

And then, out of the blue, he received an email saying that it had been discovered.

iphone-phishing-email
Source: medium.com

He also received an SMS message.

iphone-phishing-sms

Good news, right? Cause for celebration?

Well, I hope in the excitement at hearing your iPhone has been found that you wouldn’t do anything rash.

Because clicking on the link would take you to a webpage like this, asking for your Apple ID and password.

iphone-phishing

Despite initial appearances, that’s not the real iCloud login page.

Kiminki is certain that plenty of people would have been fooled into entering their credentials, handing over their password to the criminals. After all, the timing was ideal – the scammers knew you had lost an iPhone (they had clearly “acquired” it) and chose the perfect moment to dupe you into revealing your login details:

I”m pretty sure many people would have just punched in their apple id and password and only then wondered why the login doesn”t work.

As far as I know, this was the first time I was targeted personally by an attempted identity theft. The scammer did very many things very right and nearly got me to give up my account details. Maybe if I”d read the email before looking at the SMS (in which the strange address was a bit more prominent), they would”ve gotten me.

What strikes me the most is that everything seemed very “right” and professional. The email and the website content looked great, my phone really was an iPhone 6 and they even got the timezone right in the email.

Well done to Kiminki for not falling for the scammers’ trap, and for warning others about how opportunist iPhone thieves are getting more sophisticated in their attempts to make the most money out of the device they have stolen from you.

And don’t forget – you should always use a strong, unique password for your Apple ID, and enable two-step verification.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read