Skip to main content

iPhone thieves are using this trick to disable Find My on stolen devices

iPhone X passcode screen
iPhone X passcode screen (Image credit: iMore)

What you need to know

  • A new stolen iPhone trick allows thieves to disable Find My and erase the device entirely.
  • People are stealing iPhones and sending text messages to the stolen number pretending to be Apple, tricking them into giving up their Apple ID credentials.

People stealing iPhones is absolutely nothing new, unfortunately. But people using Find My to disable their devices is usually a good port of call because it prevents them from being accessed or set up anew. A new trick shared by one unfortunate iPhone owner shows that thieves are finding new ways to get around things like Find My — and it's all too easy.

An India Today report tells the story of Vedant, someone who lost his iPhone 12 before going through all the usual steps — including trying to use Find My to locate it.

However, he was told that the iPhone was offline, and the system was unable to get the exact location of the device. He then put his iPhone into the lost mode, alerted the police, and blocked his SIM card. If you change the status of your phone to "lost mode", your phone will be locked, so nobody can access your information even after turning the iPhone on.

A few days went by and it was assumed that all hope was lost. Then, Vedant received an SMS suggesting the iPhone had been found and that tapping a link would display the location. The link looked legit because it contained 'icloud' and 'findmy,' but it wasn't.

He then received a message on his number saying, 'Your lost iPhone 12 Blue has been found and temporarily switched ON. View location." Along with a message, there was an iCloud link provided. The link was designed in such a way that no matter how technologically sound you are, you are bound to fall for it. The link that was sent to him was not shortened using the link shortening website, bit.ly. It, on the contrary, had phrases like "iCloud", "find my", which could trick anyone into believing that the message was sent from Apple.

Stolen Iphone Phishing Text

Stolen Iphone Phishing Text (Image credit: India Today)

After tapping the link Vedant was asked to log in, which they did — giving the new owner of the iPhone their Apple ID and password.

Only a minute after entering his details, he got an email notification saying that his Apple ID was accessed from a Windows desktop. He then changed his password and removed the windows desktop from his Apple ID, but it was too late by then. His stolen iPhone was already removed from his Apple ID and its 'Find my' was also switched off.

The link was from the person that had the iPhone in their possession and they were able to use the Apple ID credentials to disable Find My on the iPhone. They got Vedant's phone number by putting the SIM into a new device and calling themselves, which explains that part of the mystery. What's less clear is why the number the link came from also appears to be the number Microsoft uses to send its two-factor authentication codes via. Likely, the number was spoofed — another sign that the thief was no amateur.

With Find My disabled, the iPhone could be wiped and set up as a new device using anyone's Apple ID — just as if it had been bought legitimately.

Normally this is where I say to make sure that you have two-factor authentication enabled, but that would likely have failed to do its job here, too — Vedant would have entered that into the fishing site and handed it to the thief along with the username and password.

The real moral of the story? Check and double check links before accessing them and consider using a password manager that will alert you if you're entering details into a site other than the one you saved them from. Remember, a secure iPhone is the best iPhone!

Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

4 Comments
  • It seems Apple could associate the device's serial number with the Apple ID. If a user reports a device stolen, Apple could easily prevent that specific serial number from registering as a new Apple device. Why not associate specific serial numbers with Apple IDs and create an ownership transfer process other than just wiping the device?
  • I just feel bad for the guy. When I look at the link I could tell it was fake. Though I’m sure to him he was so like omg the phone is on and just click link in hopes to find the guy. :(
  • What you're describing is how it works. Unfortunately the email part of the scam allowed the slime thief to get the user's AppleID password to his Apple Account. Once you have that you have keys to the kingdom including, what I'll call, releasing the device from your account. For example selling your iPad, if that iPad is part of your iCloud account then you must 'release it' before the new person can use it (unless someone is unwise and just provides the pin). Apple will prompt you with a 'are you sure you want to do this?'. Never! Use a hyperlink from an email to enter credentials, never! Phishing is too common.
  • "The link was designed in such a way that no matter how technologically sound you are, you are bound to fall for it." Nope, you would still have to be a moron to fall for that scam. A "technologically sound" person would know that a hyphen doesn't/can't follow a .com in a URL. And it didn't seem a little sketchy that the same number texted a "Microsoft Authentication" code? Why would Apple use the same number as Microsoft (assuming that actually is a message from MS and not some bull**** text to make the tweet look more legit)