Some iPhone thieves are getting more diabolical with their crimes by trying to trick victims into giving up their iCloud user name and password. The crooks are sending their theft victims legit looking messages saying their stolen device is being tracked, and they can find it by clicking a link and log in to their iCloud account.
That sounds reasonably legit considering Apple’s Find My iPhone feature and support for tagging a device as lost or stolen through our iCloud accounts. The problem is that hackers are taking advantage their victim’s trust in Apple and presenting them with a link that harvests their iCloud credentials instead of legitimately logging them into their account.
In other words, after the thief makes off with a victim’s iPhone, they add insult to injury by trying to steal their iCloud password in a phishing scheme.
That’s what Joonas Kiminki from Wunder Finland experienced when his iPhone was stolen. Several days after the theft and after he replaced his iPhone, he got an email and a text saying his missing phone was being tracked. Whoever had the iPhone most likely found his name through iOS 9’s Medical ID feature, and through a little Google searching tracked down his email address and phone number.
Going to all that trouble makes sense because as long as the stolen phone was linked to Mr. Kiminki’s Apple ID it was worthless to anyone else. It couldn’t be wiped and used by anyone else, making the stolen phone little more than a high tech paper weight. Had he fallen for the phishing scheme, the thief could unlink the stolen iPhone from his account and sell it.
As if that isn’t bad enough, the thief could buy what they want on the App Store, iTunes Music Store, and potentially the online Apple store, too. That would make for a horribly bitter icing on the stolen iPhone cake.
Luckily, Mr. Kiminki didn’t fall for the phishing scheme and his Apple ID stayed safely out of criminal hands. The silver lining is that everyone else can learn from his unfortunate experience: If your iPhone is stolen be even more alert to possible phishing schemes. There’s a chance whoever stole your iPhone will try to steal your iCloud user name and password, too.
OMG! This exact same thing just happened to me. I mistakenly entered my credentials and realized maybe 5 minutes later that the website link seemed off. I immedietaly changed my password to everything. Please let me know what you think I should do! I’m quite scared right now!