What you need to know
- A new stolen iPhone trick allows thieves to disable Find My and erase the device entirely.
- People are stealing iPhones and sending text messages to the stolen number pretending to be Apple, tricking them into giving up their Apple ID credentials.
People stealing iPhones is absolutely nothing new, unfortunately. But people using Find My to disable their devices is usually a good port of call because it prevents them from being accessed or set up anew. A new trick shared by one unfortunate iPhone owner shows that thieves are finding new ways to get around things like Find My — and it's all too easy.
A few days went by and it was assumed that all hope was lost. Then, Vedant received an SMS suggesting the iPhone had been found and that tapping a link would display the location. The link looked legit because it contained 'icloud' and 'findmy,' but it wasn't.
After tapping the link Vedant was asked to log in, which they did — giving the new owner of the iPhone their Apple ID and password.
The link was from the person that had the iPhone in their possession and they were able to use the Apple ID credentials to disable Find My on the iPhone. They got Vedant's phone number by putting the SIM into a new device and calling themselves, which explains that part of the mystery. What's less clear is why the number the link came from also appears to be the number Microsoft uses to send its two-factor authentication codes via. Likely, the number was spoofed — another sign that the thief was no amateur.
With Find My disabled, the iPhone could be wiped and set up as a new device using anyone's Apple ID — just as if it had been bought legitimately.
Normally this is where I say to make sure that you have two-factor authentication enabled, but that would likely have failed to do its job here, too — Vedant would have entered that into the fishing site and handed it to the thief along with the username and password.
The real moral of the story? Check and double check links before accessing them and consider using a password manager that will alert you if you're entering details into a site other than the one you saved them from. Remember, a secure iPhone is the best iPhone!
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.
Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.