What you need to know
- A new stolen iPhone trick allows thieves to disable Find My and erase the device entirely.
- People are stealing iPhones and sending text messages to the stolen phone's number pretending to be Apple, tricking owners into giving up their Apple ID credentials.
People stealing iPhones is absolutely nothing new, unfortunately. But owners using Find My to disable their stolen devices is usually a good port of call because it prevents the devices from being accessed or set up anew. A new trick shared by one unfortunate iPhone owner shows that thieves are finding new ways to get around things like Find My — and it's all too easy.
However, he was told that the iPhone was offline, and the system was unable to get the exact location of the device. He then put his iPhone into lost mode, alerted the police, and blocked his SIM card. If you change the status of your phone to "lost mode", your phone will be locked, so nobody can access your information even after turning the iPhone on.
A few days went by and it was assumed that all hope was lost. Then, Vedant received an SMS suggesting the iPhone had been found and that tapping a link would display the location. The link looked legit because it contained 'icloud' and 'findmy,' but it wasn't.
He then received a message on his number saying, "Your lost iPhone 12 Blue has been found and temporarily switched ON. View location." Along with the message, there was an iCloud link provided. The link was designed in such a way that no matter how technologically sound you are, you are bound to fall for it. The link that was sent to him was not shortened using the link shortening website, bit.ly. It, on the contrary, had phrases like "iCloud", "find my", which could trick anyone into believing that the message was sent from Apple.
After tapping the link Vedant was asked to log in, which he did — giving the new owner of the iPhone his Apple ID and password.
Only a minute after entering his details, he got an email notification saying that his Apple ID was accessed from a Windows desktop. He then changed his password and removed the Windows desktop from his Apple ID, but it was too late by then. His stolen iPhone was already removed from his Apple ID and its 'Find My' was also switched off.
The link was from the person who had the iPhone in their possession, and they were able to use the Apple ID credentials to disable Find My on the iPhone. They got Vedant's phone number by putting the SIM into a new device and calling themselves, which explains that part of the mystery. What's less clear is why the number the link came from also appears to be the number Microsoft uses to send its two-factor authentication codes. Likely, the number was spoofed — another sign that the thief was no amateur.
With Find My disabled, the iPhone could be wiped and set up as a new device using anyone's Apple ID — just as if it had been bought legitimately.
Normally this is where I say to make sure that you have two-factor authentication enabled, but that would likely have failed to do its job here, too — Vedant would have entered the code into the phishing site and handed it to the thief along with the username and password.
The real moral of the story? Check and double-check links before accessing them and consider using a password manager that will alert you if you're entering details into a site other than the one you saved them from. Remember, a secure iPhone is the best iPhone!
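The check a password manager makes before offering saved credentials can be sketched as follows. This is an added example, not code from the article or from Apple: it compares the link's actual hostname with the domains the login was saved for, instead of looking for familiar words such as 'icloud' or 'findmy' anywhere in the link. The trusted domain list and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the Apple ID login was saved for.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
# Words the article says made the phishing link look legitimate.
BAIT_WORDS = ("icloud", "findmy")


def is_trusted(url):
    """True only for https links whose host is a trusted domain or its subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed link: never trust it
        return False
    if parts.scheme != "https" or not host:
        return False
    # Match on a label boundary so "noticloud.com" does not pass as icloud.com.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(url):
    """Label a link 'trusted', 'lookalike' (bait words, wrong host) or 'unrelated'."""
    if is_trusted(url):
        return "trusted"
    if any(word in url.lower() for word in BAIT_WORDS):
        return "lookalike"
    return "unrelated"


# Constructed sample links (not taken from the incident).
SAMPLES = [
    "https://www.icloud.com/find",                   # real host
    "https://icloud.findmy-location.example/login",  # bait words as subdomain
    "https://icloud.com.findmy.example/",            # trusted name used as a prefix
    "https://icloud.com@findmy.example/",            # trusted name in the userinfo part
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

Every sample except the first fails the host check even though three of them contain 'icloud', which is why a password manager would stay silent on such a page.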