Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

m7ammed

macrumors regular
Original poster
Apr 21, 2010
167
35
Saudi Arabia
Hello yesterday my wife's phone was stolen while we were out in London (we just moved here). I've turned on lost mode on find my iPhone and reported to the police. Had a really long day and was able to find an iPhone 13 replacement for the wife, and managed to get a replacement sim. I've never fell for phishing scheme until today! we get an SMS on her new phone that the phone was located. we entered our the iCloud username and password, and was gone from my find my iPhone within minutes. I realised the phishing scheme after a few minutes and changed the Apple ID and Apple ID passwords. I feel really stupid for falling for it. but my concern is with access to the data on the phone.

The phone does have a passcode and FaceID enabled. We never got an email that "Find my iPhone" was turned off. Is it safe to assume that they were not able to access the data and just somehow deactivated the find my iPhone through recovery mode or something?
 
This doesn’t make sense to me - how did the thieves figure out your wife’s phone number to send an SMS if the stolen phone was locked?
 
  • Like
Reactions: NelzA
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Clever bastards. I guess a digital sim would stop that. It's at the lowest times we are most vulnerable. Have you contacted Apple? I would do so immediately and have them lock that phone if possible.
 
we entered our the iCloud username and password,

Entered it where? in the SMS? or in your actual account via the web or your phone?

So they texted your wife's new phone which has the same phone number they texted her from? Is that possible? I'm not quite understanding the situation.
 
  • Like
Reactions: NelzA
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Correct. Very common especially in Brazil

 
Even the best of us can fall for scams with just a little inattention... that's why they are so effective. Thanks for sharing so others can be on the lookout.

If they had your iCloud account and password they could access a lot more than that. Even things like your calendar and notes through the web app. I'd check what you have stored in notes just in case.
 
OP, sorry to hear about your stolen phone. That's a rotten thing to happen, especially given you and your wife have just moved overseas!

Don't feel bad about falling for a phising scam; these things happen. Even the most vigilant get caught; there is a Youtuber (Jim Browning) who runs a channel (over 3 million subscribers) dedicated to catching call centre/phising scams. He himself was recently scammed, which resulted in his youtube channel being shut down for a short period.

so they only managed to get throughout the the find my iPhone activation lock via the iCloud account info I stupidly gave them?

Yes, I think that is the case.

By providing your iCloud login details, the thief was able to log into your account and remove the stolen phone from it.
That means (correct me if I'm wrong) you can no longer track the phone, activate lost mode, or remotely wipe the phone.

OP, I see you have managed to log back into iCloud; if you have your bank details uploaded onto iCloud, double check (with your bank) there are no unknown transactions made to you and/or your wife's bank account since your phone went missing. I'd go one step further and instruct your bank to cancel the card(s) listed on your iCloud account.

The thief can't access the data stored on the phone unless the thief bypasses faceID or guesses the passcode. I'm under the impression it's pretty difficult to bypass faceID; hopefully your wife's passcode is complex enough not to be easily guessed (ie not 0000 or 1234).

Unfortunately if the thief can't bypass faceid or your wife's passcode, they can just reset your phone and set it up as a new device (ie wipe the existing data stored on the phone, reinstall iOS and setup the phone as a brand new device).

You could contact Apple and see if they can help, though I'm not sure how you'd be able to prove your wife's phone was stolen (perhaps a combination of the phishing messages and a police report may help)? I (touch wood) have never had my iPhone stolen, so I don't know what the procedure is.

Hope you and your wife are ok, and this incident doesn't blight the rest of the time you spend in the UK!
 
Last edited:
my guess would be they removed the SIM card and put it in another phone? it took us 30-45 mins to realise it was stolen.
Even with your username and password, I don't think would have been able to get into your iCloud account without access to a trusted 2FA device. Did you not have two factor authorization turned on?
 
  • Like
Reactions: BigMcGuire
Even the best of us can fall for scams with just a little inattention... that's why they are so effective. Thanks for sharing so others can be on the lookout.

If they had your iCloud account and password they could access a lot more than that. Even things like your calendar and notes through the web app. I'd check what you have stored in notes just in case.
OP, sorry to hear about your stolen phone. That's a rotten thing to happen, especially given you and your wife have just moved overseas!

Don't feel bad about falling for a phising scam; these things happen. Even the most vigilant get caught; there is a Youtuber (Jim Browning) who runs a channel (over 3 million subscribers) dedicated to catching call centre/phising scams. He himself was recently scammed, which resulted in his youtube channel being shut down for a short period.



Yes, I think that is the case.

By providing your iCloud login details, the thief was able to log into your account and remove the stolen phone from it.
That means (correct me if I'm wrong) you can no longer track the phone, activate lost mode, or remotely wipe the phone.

OP, I see you have managed to log back into iCloud; if you have your bank details uploaded onto iCloud, double check (with your bank) there are no unknown transactions made to you and/or your wife's bank account since your phone went missing. I'd go one step further and instruct your bank to cancel the card(s) listed on your iCloud account.

The thief can't access the data stored on the phone unless the thief bypasses faceID or guesses the passcode. I'm under the impression it's pretty difficult to bypass faceID; hopefully your wife's passcode is complex enough not to be easily guessed (ie not 0000 or 1234).

Unfortunately if the thief can't bypass faceid or your wife's passcode, they can just reset your phone and set it up as a new device (ie wipe the existing data stored on the phone, reinstall iOS and setup the phone as a brand new device).

You could contact Apple and see if they can help, though I'm not sure how you'd be able to prove your wife's phone was stolen (perhaps a combination of the phishing messages and a police report may help)? I (touch wood) have never had my iPhone stolen, so I don't know what the procedure is.

Hope you and your wife are ok, and this incident doesn't blight the rest of the time you spend in the UK!

Even with your username and password, I don't think would have been able to get into your iCloud account without access to a trusted 2FA device. Did you not have two factor authorization turned on?


Thanks for this, we have already reported the theft to the police, and went to apple an hour after it was stolen. Yeah the passcode isn't simple and FaceID and we have 2 factor authentication enabled. So any login to the web account would have triggered a 2FA request and an email about the login.

I just wanted to make sure that the only thing they did was wipe the phone clean using the iCloud account.

EDIT: I'm just checking now through my wife's email and there was a login from a windows device on her iCloud around the same time!🥲 its 20 mins after this login that I have changed the iCloud password.

I've only slept three hours, I'm so worried about this. been changing passwords all night until 5 am UK time.
 
Last edited:
So sorry to hear this. Not nice given that you’ve just moved here. How was it stolen?
we were at Piccadilly Circus, waiting fo ra friend to come. Had a two year old who was crying and 6 year old who was bored 😅. She put here phone in here jacket pocket in a rush. we walked for one mins when she realised it was gone. They turned it off immediately so we for a bit until it popped back on the other side of London 10 miles away.

Then as in the OP, it disappeared from FMI when they tricked me into giving them the password.
 
we were at Piccadilly Circus, waiting fo ra friend to come. Had a two year old who was crying and 6 year old who was bored 😅. She put here phone in here jacket pocket in a rush. we walked for one mins when she realised it was gone. They turned it off immediately so we for a bit until it popped back on the other side of London 10 miles away.

Then as in the OP, it disappeared from FMI when they tricked me into giving them the password.
So sorry to hear that. Absolute scum. Did you by any chance have a UK SIM card inserted at the time? If so, if you report it to the network, they’ll block the IMEI number which means it cannot be used in Europe - there’s a European databases for blocked IMEI’s.
 
So sorry to hear that. Absolute scum. Did you by any chance have a UK SIM card inserted at the time? If so, if you report it to the network, they’ll block the IMEI number which means it cannot be used in Europe - there’s a European databases for blocked IMEI’s.
Yeah they used the auK number of the phishing scheme. I already reported stolen but EE haven’t asked for IMEI. Don’t think I have it as well 😅
 
Yeah they used the auK number of the phishing scheme. I already reported stolen but EE haven’t asked for IMEI. Don’t think I have it as well 😅
As you have notified EE, they will automatically block it - they have the IMEI number as it’s automatically reported to them by your SIM card.
 
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
 
  • Like
Reactions: Fred Zed
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
I'm just nervous all the day now, checking my wife's email every hour to see if there is any suspicious activity. You feel very vulnerable all the time after the experience, I've never had this feeling ever. I think I've secured , I just feel tense all the time thinking I could have missed something or done something wrong.
 
  • Like
Reactions: haruhiko
I’ve had a similar situation happen 4 years ago in Ibiza.

Someone ‘bumped’ into my friend and I and a few mins later we both realised our phones had been stolen.

We reported to our networks and the local police within 10 mins and logged into ‘Find my’ on another friends phone to mark our devices as lost.

A few days later it appeared in Tangiers, Morocco before going back offline again.

1 week later I received a text claiming to be from ‘Apple’ - and the message displayed itself as coming from Apple too. Thankfully, as you can see in the image, the use of the English language was not very good and the link did not go to a genuine Apple URL. I did click the link (knowing it was fictitious), which took me to a page that looked identical to the iCloud login page at the time. Upon entering a false email and password, a message appeared saying ‘incorrect password’. Had I entered my correct details, the thieves would have been able to remove the iCloud activation from the phone. Notice they also sign off as ‘Apple Inc’. Lots of red flags in the messages. (I checked the links revently

Thankfully no data stolen, and the phone remains on Find my just in case it’s turned back on but I suspect it’s been broken up for parts.

Key things for people to do following an unfortunate incident like this in addition to Apple’s advice here https://support.apple.com/en-gb/HT201472 :


1. Protect your phone with a secure passcode, no dates of birth, consecutive numbers or 1234. Preferably 6 digits or longer.
2. Protect your iCloud account with 2fa (and all your accounts for that matter).
3. If your device is stolen, alert your network and the authorities immediately, then your insurance company if applicable (if you don’t do certain things within a certain timeframe some insurance providers won’t pay out).
4. Mark the device as lost on ‘Find My’
5. Be prepared to receive texts or emails and if you enter any contact details in the ‘device lost message’ be prepared to be contacted there too.
6. When you receive those messages, DON’T enter any details. Instead, go directly to the iCloud login page and look for your device there.
6b. Inspect the links within the messages, notice they won’t be for https://iCloud.com - instead, it’ll be something that has the word iCloud or Apple in it (so you think it looks genuine) for example https://iCloudapple.phonefound.com

Sorry for the long post :)
 

Attachments

  • A451C3F5-918D-44A3-A7D0-0566525944C1.png
    A451C3F5-918D-44A3-A7D0-0566525944C1.png
    919.5 KB · Views: 421
London is the heaven for pickpockets. I have never lost any phone in my life and the only time someone stole my phone was in London. And the thieves sent me the same phishing SMS. They work as a group and the police doesn’t care.
Yep. Many pikeys hanging in grocery stores and busy places to pick pocket. It’s an epidemic.
 
  • Like
Reactions: haruhiko
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.