phone stolen, now recieving phishing messages...how did they get my contact info?

[laxerguy37]

My iphone6 was stolen ~3 weeks ago, after it was stolen I placed the phone into lost mode via find my iPhone and got a new phone a couple days later. I changed all my passwords/apple ID and have 2 factor authentication enabled.

Now two weeks later I have received multiple phishing emails saying my phone has been found with links to very real looking (albeit fake) find my iPhone webpages asking me to log into my icloud account. I obviously did not enter any info into these phishing webpages.

My question is, how did the thieves get my contact info (both my phone number and email address) to even contact me with these phishing emails? Neither my number or email was displayed in the lost mode message. The text message appears to be as text and not imessage. The email they contacted me is however my apple ID email.

Is there some way they can get this info from a locked iphone? or does this mean they somehow have unlocked my device?

 

[EDH667]

Same thing happened on the following thread. They more than likely either got it from the SIM card, or asking SIRI for the contact information.

https://forums.macrumors.com/threads/how-was-my-phone-number-compromised-from-stolen-device.1959821/

 

[laxerguy37]

Same thing happened on the following thread. They more than likely either got it from the SIM card, or asking SIRI for the contact information.

https://forums.macrumors.com/threads/how-was-my-phone-number-compromised-from-stolen-device.1959821/

thank you for pointing in the right direction!

 

[noobinator]

You should definitely find a way to mess with them.

 

[laxerguy37]

You should definitely find a way to mess with them.

I sent them a strongly worded response to the phishing text, but I doubt that even reaches anyone let alone the person who actually has the phone. The phishing messages are likely part of a service thieves can pay to use.
[doublepost=1457732676][/doublepost]

Same thing happened on the following thread. They more than likely either got it from the SIM card, or asking SIRI for the contact information.

https://forums.macrumors.com/threads/how-was-my-phone-number-compromised-from-stolen-device.1959821/

The sim card idea seems to explain how they couldve got my phone number. But I had siri disabled on the phone so I still do not have any idea how they came to get my email address.......

 

[noobinator]

Maybe the person who stole it knows you and your email address?

 

[laxerguy37]

Maybe the person who stole it knows you and your email address?

extremely unlikely...it was stolen during the work day (I work at a large university) and the only people I know here are through work and the email address I was contacted at is a personal one no one here would know

 

[PortableLover]

Op recommend contacting apple. It seems other ppl are having this issue..

 

[laxerguy37]

Op recommend contacting apple. It seems other ppl are having this issue..

I've spoken with them. They assured me my phone was secure and the representative did not know how they could've received my email/phone# and said it wasnt from anything on their end.

 

[deadsoul]

I guess your phone is in lost mode right? A new method has been found, the only thing you need is a message giving your phone number, i'll try to explain more later.

 

[DMVillain]

This seems to be happening a lot recently.

 

[laxerguy37]

I guess your phone is in lost mode right? A new method has been found, the only thing you need is a message giving your phone number, i'll try to explain more later.

Yes it is in lost mode...please do explain when you have time

 

[Applejuiced]

I received one of those phishing texts a month ago and my iPhone was never stolen.
The email said something along the lines I need to log in and verify my password or something.
Looked like the apple site when I clicked on the link and asked for my Apple ID, password, name, address, credit card on file and exp date etc.
I responded to the text message telling them to go f themselves

 

[ApfelKuchen]

One aspect of phishing is that they send out messages that may or may not be true, to millions of email addresses. "Confirm your Bank of Antarctica account info." Well, if you don't have a Bank of Antarctica account, you'll ignore it as an obvious phish. If the subject happens to resonate with your life (you really have a Bank of Antarctica account, or lost your iPhone, or whatever...) then you may just think the message is meant for you, and trust its contents.

They're scammers. They're not psychic. (Oh, yeah, that's right - psychics are scammers...)

 

[C DM]

One aspect of phishing is that they send out messages that may or may not be true, to millions of email addresses. "Confirm your Bank of Antarctica account info." Well, if you don't have a Bank of Antarctica account, you'll ignore it as an obvious phish. If the subject happens to resonate with your life (you really have a Bank of Antarctica account, or lost your iPhone, or whatever...) then you may just think the message is meant for you, and trust its contents.

They're scammers. They're not psychic. (Oh, yeah, that's right - psychics are scammers...)

Seems a little too coincidental when an iCloud phishing message about a lost phone comes within a week or two of a phone actually being stolen/lost.

 

[Cergman]

Seems a little too coincidental when an iCloud phishing message about a lost phone comes within a week or two of a phone actually being stolen/lost.

They got your phone number from the SIM in the phone and sent an iMessage to it. It's not rocket science. Everyone is making it out to be this huge scheme, whereas in reality, some clueless chump probably sold your phone on eBay to someone who actually knows how to pull the sim and phish for your ID.

 

[ApfelKuchen]

Seems a little too coincidental when an iCloud phishing message about a lost phone comes within a week or two of a phone actually being stolen/lost.

Of course it does. That's why people believe in conspiracy theories and supernatural deities. "I prayed on Sunday, and something good happened today. That's proof god exists!" No, it proves nothing other than that person wants god to exist. All else is an unproven assertion.

https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation - pay especial attention to the second paragraph.

The world is full of random events, and people try to find some meaning, some reason in that randomness - the hand of god, the claw of satan. Somehow, it's more comforting to be the victim of a sentient, malevolent evil or the unknowable will of god than to be the victim of inanimate, quantum-mechanical chance (the burden of proof is on Einstein to show that there is a god who may or may not play dice with the Universe).

Now, maybe the people who stole the phone (or obtained the stolen phone) found a technological way to get the owner's information. Nothing's impossible. However, it's not easy, and I can spin a variety of non-technological scenarios that require nothing more than a corrupt clerk at the local police station, cell phone provider, or insurance company; or a business card inadvertently sandwiched between the phone and it's protective case. Fortune tellers have been using accomplices for as long as there have been fortunes to tell - most "marks" still don't understand how it's done.

People's explanations for the unexplained are often strongly affected by current events. Before humans put spacecraft into orbit (proving it wasn't just science fiction) there were few reports of UFOs. Today, everyone's talking about the government wanting Apple to crack into iPhones....

 

[scaredpoet]

Well, I have your causation for you.

There ARE websites that advertise as a "service" the ability to remove iCloud Activation lock on iPhones, particularly when "an innocent consumer may have acquired an iPhone or iPad and are stuck with an unusable device and unable to contact the original owner."

Here's one such site. Note that among the sample screens shown is one where an iPhone is in "lost mode," implying the phone was lost by its original owner and now someone else wants to keep it for themselves and get past the lock.

There are actually quite a few of these. Just google "remove iCloud activation lock" and there are quite a few sites out there that advertise this service.

How do they do it? Well, there's really only two ways to get past Activation Lock. One is to go to Apple with a legitimate proof of ownership (like an original receipt). The other is to convince the phone's owner, somehow, to deactivate the lock. And you can bet there's phishing and social engineering involved.

Bottom line: it's not a coincidence. OP's fears are confirmed: someone stole their iPhone and is now using one of these services to try and get past the lock.

This isn't to say that general, random phishing doesn't happen: it does. But random iCloud phishing is intended more to gain access to someone's iTunes account and hijack purchases. The type of phishing OP experienced is very target and specific to trying to get the phone working again.

 

[C DM]

They got your phone number from the SIM in the phone and sent an iMessage to it. It's not rocket science. Everyone is making it out to be this huge scheme, whereas in reality, some clueless chump probably sold your phone on eBay to someone who actually knows how to pull the sim and phish for your ID.

Perhaps the number but if it was an email or the Apple ID that doesn't quite seem as potentially straightforward as that.
[doublepost=1457761805][/doublepost]

Of course it does. That's why people believe in conspiracy theories and supernatural deities. "I prayed on Sunday, and something good happened today. That's proof god exists!" No, it proves nothing other than that person wants god to exist. All else is an unproven assertion.

https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation - pay especial attention to the second paragraph.

The world is full of random events, and people try to find some meaning, some reason in that randomness - the hand of god, the claw of satan. Somehow, it's more comforting to be the victim of a sentient, malevolent evil or the unknowable will of god than to be the victim of inanimate, quantum-mechanical chance (the burden of proof is on Einstein to show that there is a god who may or may not play dice with the Universe).

Now, maybe the people who stole the phone (or obtained the stolen phone) found a technological way to get the owner's information. Nothing's impossible. However, it's not easy, and I can spin a variety of non-technological scenarios that require nothing more than a corrupt clerk at the local police station, cell phone provider, or insurance company; or a business card inadvertently sandwiched between the phone and it's protective case. Fortune tellers have been using accomplices for as long as there have been fortunes to tell - most "marks" still don't understand how it's done.

People's explanations for the unexplained are often strongly affected by current events. Before humans put spacecraft into orbit (proving it wasn't just science fiction) there were few reports of UFOs. Today, everyone's talking about the government wanting Apple to crack into iPhones....

On the other hand there's also that saying that just because you are paranoid it doesn't mean they aren't out to get you. That is to say of course all kinds of things happen, but it doesn't always mean that they are just random and there's nothing more to them--many times it does, but sometimes it doesn't.

There have been a few similar threads in just the past month or so where people's phones were stolen and then within a week or two they would be contacted by "Apple" in one way or another about their lost/stolen phone asking them to login somewhere to phish for their information. Sure, that's certainly not proof of anything, but at the same time it seems like there's something worth spending a bit of time questioning or looking into rather than just being dismissive simply based on many things on life just happening randomly (which they do, but it doesn't necessarily mean that some things don't).

 

[ApfelKuchen]

While I'm not going to say those sites are all scams... Some percentage of them certainly could be - when people want something badly enough, they're ripe for the picking.

And if some of them use social engineering... that gets back to the non-technical examples I gave. Say, a divorced spouse wants to get in. Divorced spouse knows the ex-spouse's email address, and the social engineers go to work.

But this still brings it back to causality. The fact that such sites exist does not prove that the sites are being used in this case.

 

[ielessar]

I get some of those emails and none of my devices were stolen. I think someone has an email database and randomly sends fake Apple emails to them. In your case, it may be a coincidence, or not.