Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Other iPhone was stolen, and I fell for phishing scheme

M

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
Hello yesterday my wife's phone was stolen while we were out in London (we just moved here). I've turned on lost mode on find my iPhone and reported to the police. Had a really long day and was able to find an iPhone 13 replacement for the wife, and managed to get a replacement sim. I've never fell for phishing scheme until today! we get an SMS on her new phone that the phone was located. we entered our the iCloud username and password, and was gone from my find my iPhone within minutes. I realised the phishing scheme after a few minutes and changed the Apple ID and Apple ID passwords. I feel really stupid for falling for it. but my concern is with access to the data on the phone.

The phone does have a passcode and FaceID enabled. We never got an email that "Find my iPhone" was turned off. Is it safe to assume that they were not able to access the data and just somehow deactivated the find my iPhone through recovery mode or something?
 
J

julesme

macrumors 6502a
Oct 14, 2016
628
2,224
San Jose
This doesn’t make sense to me - how did the thieves figure out your wife’s phone number to send an SMS if the stolen phone was locked?
 
  • Like
Reactions: NelzA
smoking monkey

smoking monkey

macrumors 68020
Mar 5, 2008
2,364
1,508
I HUNGER
m7ammed said:
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Click to expand...
Clever bastards. I guess a digital sim would stop that. It's at the lowest times we are most vulnerable. Have you contacted Apple? I would do so immediately and have them lock that phone if possible.
 
smoking monkey

smoking monkey

macrumors 68020
Mar 5, 2008
2,364
1,508
I HUNGER
m7ammed said:
we entered our the iCloud username and password,
Click to expand...

Entered it where? in the SMS? or in your actual account via the web or your phone?

So they texted your wife's new phone which has the same phone number they texted her from? Is that possible? I'm not quite understanding the situation.
 
  • Like
Reactions: NelzA
Homme

Homme

macrumors 6502a
Jun 17, 2014
951
869
Sydney
m7ammed said:
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Click to expand...
Correct. Very common especially in Brazil

www.ithinkdiff.com

Thieves use SIM cards to unlock stolen iPhones and access victims’ bank accounts

Police in Sao Paulo, Brazil have caught a gang of thieves who specialized in unlocking iPhones to access victims’ bank accounts. Although it is impossible to unlock an iPhone with the passcode or…
www.ithinkdiff.com www.ithinkdiff.com
 
T

twombles62

macrumors member
Nov 5, 2007
98
13
Melbourne, Australia
Even the best of us can fall for scams with just a little inattention... that's why they are so effective. Thanks for sharing so others can be on the lookout.

If they had your iCloud account and password they could access a lot more than that. Even things like your calendar and notes through the web app. I'd check what you have stored in notes just in case.
 
S

saber32au

macrumors 6502
Apr 5, 2019
282
207
OP, sorry to hear about your stolen phone. That's a rotten thing to happen, especially given you and your wife have just moved overseas!

Don't feel bad about falling for a phising scam; these things happen. Even the most vigilant get caught; there is a Youtuber (Jim Browning) who runs a channel (over 3 million subscribers) dedicated to catching call centre/phising scams. He himself was recently scammed, which resulted in his youtube channel being shut down for a short period.

m7ammed said:
so they only managed to get throughout the the find my iPhone activation lock via the iCloud account info I stupidly gave them?
Click to expand...

Yes, I think that is the case.

By providing your iCloud login details, the thief was able to log into your account and remove the stolen phone from it.
That means (correct me if I'm wrong) you can no longer track the phone, activate lost mode, or remotely wipe the phone.

OP, I see you have managed to log back into iCloud; if you have your bank details uploaded onto iCloud, double check (with your bank) there are no unknown transactions made to you and/or your wife's bank account since your phone went missing. I'd go one step further and instruct your bank to cancel the card(s) listed on your iCloud account.

The thief can't access the data stored on the phone unless the thief bypasses faceID or guesses the passcode. I'm under the impression it's pretty difficult to bypass faceID; hopefully your wife's passcode is complex enough not to be easily guessed (ie not 0000 or 1234).

Unfortunately if the thief can't bypass faceid or your wife's passcode, they can just reset your phone and set it up as a new device (ie wipe the existing data stored on the phone, reinstall iOS and setup the phone as a brand new device).

You could contact Apple and see if they can help, though I'm not sure how you'd be able to prove your wife's phone was stolen (perhaps a combination of the phishing messages and a police report may help)? I (touch wood) have never had my iPhone stolen, so I don't know what the procedure is.

Hope you and your wife are ok, and this incident doesn't blight the rest of the time you spend in the UK!
 
Last edited:
  • Like
Reactions: berrymatcha and m7ammed
C

chabig

macrumors G4
Sep 6, 2002
11,460
9,326
m7ammed said:
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Click to expand...
Even with your username and password, I don't think would have been able to get into your iCloud account without access to a trusted 2FA device. Did you not have two factor authorization turned on?
 
  • Like
Reactions: BigMcGuire
M

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
twombles62 said:
Even the best of us can fall for scams with just a little inattention... that's why they are so effective. Thanks for sharing so others can be on the lookout.

If they had your iCloud account and password they could access a lot more than that. Even things like your calendar and notes through the web app. I'd check what you have stored in notes just in case.
Click to expand...
saber32au said:
OP, sorry to hear about your stolen phone. That's a rotten thing to happen, especially given you and your wife have just moved overseas!

Don't feel bad about falling for a phising scam; these things happen. Even the most vigilant get caught; there is a Youtuber (Jim Browning) who runs a channel (over 3 million subscribers) dedicated to catching call centre/phising scams. He himself was recently scammed, which resulted in his youtube channel being shut down for a short period.



Yes, I think that is the case.

By providing your iCloud login details, the thief was able to log into your account and remove the stolen phone from it.
That means (correct me if I'm wrong) you can no longer track the phone, activate lost mode, or remotely wipe the phone.

OP, I see you have managed to log back into iCloud; if you have your bank details uploaded onto iCloud, double check (with your bank) there are no unknown transactions made to you and/or your wife's bank account since your phone went missing. I'd go one step further and instruct your bank to cancel the card(s) listed on your iCloud account.

The thief can't access the data stored on the phone unless the thief bypasses faceID or guesses the passcode. I'm under the impression it's pretty difficult to bypass faceID; hopefully your wife's passcode is complex enough not to be easily guessed (ie not 0000 or 1234).

Unfortunately if the thief can't bypass faceid or your wife's passcode, they can just reset your phone and set it up as a new device (ie wipe the existing data stored on the phone, reinstall iOS and setup the phone as a brand new device).

You could contact Apple and see if they can help, though I'm not sure how you'd be able to prove your wife's phone was stolen (perhaps a combination of the phishing messages and a police report may help)? I (touch wood) have never had my iPhone stolen, so I don't know what the procedure is.

Hope you and your wife are ok, and this incident doesn't blight the rest of the time you spend in the UK!
Click to expand...

chabig said:
Even with your username and password, I don't think would have been able to get into your iCloud account without access to a trusted 2FA device. Did you not have two factor authorization turned on?
Click to expand...


Thanks for this, we have already reported the theft to the police, and went to apple an hour after it was stolen. Yeah the passcode isn't simple and FaceID and we have 2 factor authentication enabled. So any login to the web account would have triggered a 2FA request and an email about the login.

I just wanted to make sure that the only thing they did was wipe the phone clean using the iCloud account.

EDIT: I'm just checking now through my wife's email and there was a login from a windows device on her iCloud around the same time!? its 20 mins after this login that I have changed the iCloud password.

I've only slept three hours, I'm so worried about this. been changing passwords all night until 5 am UK time.
 
Last edited:
M

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
maka344 said:
So sorry to hear this. Not nice given that you’ve just moved here. How was it stolen?
Click to expand...
we were at Piccadilly Circus, waiting fo ra friend to come. Had a two year old who was crying and 6 year old who was bored ?. She put here phone in here jacket pocket in a rush. we walked for one mins when she realised it was gone. They turned it off immediately so we for a bit until it popped back on the other side of London 10 miles away.

Then as in the OP, it disappeared from FMI when they tricked me into giving them the password.
 
maka344

maka344

macrumors 68020
Nov 4, 2009
2,145
1,316
London, UK
m7ammed said:
we were at Piccadilly Circus, waiting fo ra friend to come. Had a two year old who was crying and 6 year old who was bored ?. She put here phone in here jacket pocket in a rush. we walked for one mins when she realised it was gone. They turned it off immediately so we for a bit until it popped back on the other side of London 10 miles away.

Then as in the OP, it disappeared from FMI when they tricked me into giving them the password.
Click to expand...
So sorry to hear that. Absolute scum. Did you by any chance have a UK SIM card inserted at the time? If so, if you report it to the network, they’ll block the IMEI number which means it cannot be used in Europe - there’s a European databases for blocked IMEI’s.
 
M

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
maka344 said:
So sorry to hear that. Absolute scum. Did you by any chance have a UK SIM card inserted at the time? If so, if you report it to the network, they’ll block the IMEI number which means it cannot be used in Europe - there’s a European databases for blocked IMEI’s.
Click to expand...
Yeah they used the auK number of the phishing scheme. I already reported stolen but EE haven’t asked for IMEI. Don’t think I have it as well ?
 
maka344

maka344

macrumors 68020
Nov 4, 2009
2,145
1,316
London, UK
m7ammed said:
Yeah they used the auK number of the phishing scheme. I already reported stolen but EE haven’t asked for IMEI. Don’t think I have it as well ?
Click to expand...
As you have notified EE, they will automatically block it - they have the IMEI number as it’s automatically reported to them by your SIM card.
 
haruhiko

haruhiko

macrumors 604
Sep 29, 2009
6,692
6,245
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
 
  • Like
Reactions: Fred Zed
M

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
haruhiko said:
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
Click to expand...
I'm just nervous all the day now, checking my wife's email every hour to see if there is any suspicious activity. You feel very vulnerable all the time after the experience, I've never had this feeling ever. I think I've secured , I just feel tense all the time thinking I could have missed something or done something wrong.
 
  • Like
Reactions: haruhiko
fezzzer

fezzzer

macrumors regular
Jun 13, 2013
235
156
I’ve had a similar situation happen 4 years ago in Ibiza.

Someone ‘bumped’ into my friend and I and a few mins later we both realised our phones had been stolen.

We reported to our networks and the local police within 10 mins and logged into ‘Find my’ on another friends phone to mark our devices as lost.

A few days later it appeared in Tangiers, Morocco before going back offline again.

1 week later I received a text claiming to be from ‘Apple’ - and the message displayed itself as coming from Apple too. Thankfully, as you can see in the image, the use of the English language was not very good and the link did not go to a genuine Apple URL. I did click the link (knowing it was fictitious), which took me to a page that looked identical to the iCloud login page at the time. Upon entering a false email and password, a message appeared saying ‘incorrect password’. Had I entered my correct details, the thieves would have been able to remove the iCloud activation from the phone. Notice they also sign off as ‘Apple Inc’. Lots of red flags in the messages. (I checked the links revently

Thankfully no data stolen, and the phone remains on Find my just in case it’s turned back on but I suspect it’s been broken up for parts.

Key things for people to do following an unfortunate incident like this in addition to Apple’s advice here https://support.apple.com/en-gb/HT201472 :


1. Protect your phone with a secure passcode, no dates of birth, consecutive numbers or 1234. Preferably 6 digits or longer.
2. Protect your iCloud account with 2fa (and all your accounts for that matter).
3. If your device is stolen, alert your network and the authorities immediately, then your insurance company if applicable (if you don’t do certain things within a certain timeframe some insurance providers won’t pay out).
4. Mark the device as lost on ‘Find My’
5. Be prepared to receive texts or emails and if you enter any contact details in the ‘device lost message’ be prepared to be contacted there too.
6. When you receive those messages, DON’T enter any details. Instead, go directly to the iCloud login page and look for your device there.
6b. Inspect the links within the messages, notice they won’t be for https://iCloud.com - instead, it’ll be something that has the word iCloud or Apple in it (so you think it looks genuine) for example https://iCloudapple.phonefound.com

Sorry for the long post :)
 

Attachments

  • A451C3F5-918D-44A3-A7D0-0566525944C1.png
    A451C3F5-918D-44A3-A7D0-0566525944C1.png
    919.5 KB · Views: 418
  • Like
Reactions: berrymatcha, pmac99, now i see it and 1 other person
Fred Zed

Fred Zed

macrumors 603
Aug 15, 2019
5,881
6,552
Upstate NY . Was FL.
haruhiko said:
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
Click to expand...
Yep. Many pikeys hanging in grocery stores and busy places to pick pocket. It’s an epidemic.
 
  • Like
Reactions: haruhiko
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom