3 min read

Lost your iPhone? Be on guard for a perfectly-timed Apple ID phishing attack

Graham CLULEY

August 02, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Lost your iPhone? Be on guard for a perfectly-timed Apple ID phishing attack

It’s happened to me, and chances are that it’s happened to you too.

When you lose your smartphone you can feel desperate for its safe return. Not only is it often an expensive piece of hardware, but it’s the essential tool that connects you to your online life and keeps you in contact with your friends, work colleagues and family.

But perhaps most important of all – it’s the device that logs you into countless accounts, make purchases from, and maybe even use for banking online.

Losing a phone isn’t just an inconvenience, it can be a potential stepping stone for having your identity stolen.

So the good news is that modern devices like iPhones come with powerful security features that can not only lock out unauthorised users, but also actually help you remotely wipe or even (if you’re lucky) reunite you with your lost device.

So when Joonas Kiminki lost his iPhone, he did what any sensible chap would do – he marked his device as “lost” with “Find my iPhone”, happy in the knowledge that it would prevent someone else from reactivating his iPhone and that nobody would be able to access his data.

As Kiminki describes in a blog post, a week and a half went past with no report of his iPhone being found.

And then, out of the blue, he received an email saying that it had been discovered.

iphone-phishing-email
Source: medium.com

He also received an SMS message.

iphone-phishing-sms

Good news, right? Cause for celebration?

Well, I hope in the excitement at hearing your iPhone has been found that you wouldn’t do anything rash.

Because clicking on the link would take you to a webpage like this, asking for your Apple ID and password.

iphone-phishing

Despite initial appearances, that’s not the real iCloud login page.

Kiminki is certain that plenty of people would have been fooled into entering their credentials, handing over their password to the criminals. After all, the timing was ideal – the scammers knew you had lost an iPhone (they had clearly “acquired” it) and chose the perfect moment to dupe you into revealing your login details:

I”m pretty sure many people would have just punched in their apple id and password and only then wondered why the login doesn”t work.

As far as I know, this was the first time I was targeted personally by an attempted identity theft. The scammer did very many things very right and nearly got me to give up my account details. Maybe if I”d read the email before looking at the SMS (in which the strange address was a bit more prominent), they would”ve gotten me.

What strikes me the most is that everything seemed very “right” and professional. The email and the website content looked great, my phone really was an iPhone 6 and they even got the timezone right in the email.

Well done to Kiminki for not falling for the scammers’ trap, and for warning others about how opportunist iPhone thieves are getting more sophisticated in their attempts to make the most money out of the device they have stolen from you.

And don’t forget – you should always use a strong, unique password for your Apple ID, and enable two-step verification.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read