Your Stolen iPhone Has Been Found
The enormous sales of Apple products also mean that they are a huge target for theft.
Between 3 and 4 million smartphones are stolen every year.
If you’re like most people, your phone tends to be a little bit of everything: a photo album, a diary, wallet, gaming machine, bank account, and more. Most people have their entire work and private lives on these devices, which can cost up to a thousand bucks. The cost of losing your phone just starts with the cost of replacement. Just take a moment to think about all the personal and financial information your phone contains. Losing it can feel like a disaster.
CyberCriminals count on this panic, and use it for their gain. They count on the person wanting to avoid the personal and financial loss, in order to use social engineering against them.
In this new iPhone scam, people are victimized twice:
- Your iPhone gets stolen.
- You go online, and turn on the ‘Find My iPhone’ Activation Lock.
- Shortly afterwards, you receive an email that your iPhone has been found, but you need to go to this website (they provide a link) and verify your Apple ID.
- You click on the link provided, and enter your Apple ID credentials.
The link that was provided was to a fake Apple iCloud site. When you entered your information, you gave the CyberCriminals everything they needed to own your account and unlock the phone. The CyberCriminals are now free to sell the phone.
There is nothing else for you to do other than to go to Apple (go to the Apple site, or type the address into the address bar manually, not the one provided in the email). Change your password, and set up 2-factor verification for your account.
Your iPhone (or iPad) is gone forever.
How CyberCriminals Do This:
Since the release of iOS 7, Apple has made it entirely possible for CyberCriminals to reset and reformat your iDevice without your iCloud Username and Password. They simply send an iMessage to the email address that the device says it was locked by, because the default iOS settings mean you can send and receive iMessages at email addresses with an Apple ID.
It’s important to note that iCloud does not provide an IP address or any other details which will help you actually identify your thief. It basically shows you a map of the general vicinity of the location of the stolen item (could be 1-3 city blocks), and that’s all.
What to do if Your iPhone (or iPad) is Stolen:
- Do not respond to, or click on links from, an address you do not recognize claiming your phone was found.
- Do not click on any links, or open any attachments provided. Do not call any phone numbers that the message may give you.
- Do not log into any site that you get within a message like this, and do not provide your username and password, or any other credentials.
- DO follow the procedures you were given by your phone manufacturer. If you do not know the procedure, go directly to the manufacturer website to find out.
- For Apple go to: https://support.apple.com/en-ca/HT204315
- Deactivate the phone with your wireless provider to prevent the thief from running up a lot of charges on your bill. Some providers will deactivate your device on their network, which prevents a thief from just resetting the device and slapping in a new SIM card. Note: Once you deactivate service, you won’t be able to communicate with your iPhone via ‘Find My iPhone’.
- Start taking steps to prevent the criminals from accessing your personal information. Visit the website for every app and service on your phone, and see if they have the option to log out other devices, revoke tokens, or de-register mobile devices. This will prevent the thief from simply firing up an app or website and using your saved login info.
- File a police report. It’s unlikely that the police will act upon the theft, but it is important to document the theft, especially if the device turns up later. Be sure to include a unique identifier for your device (phone number or serial number).
- Change any passwords for email, Facebook, etc.
- Inform your family, friends, coworkers, and all contacts in your address book. It’s possible that the thief may try to impersonate you through social media or via SMS on a different phone. By letting them know, you can prevent them from being victimized as well by a phone/email scam.
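As an added example (not part of the original article), the Python sketch below shows how a mail filter or help desk could check the links in a "your iPhone has been found" message for the fake iCloud site described above. The trusted-domain list, the function names and the sample message are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domains this reader accepts for Apple ID sign-in.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRAND_WORDS = ("apple", "icloud")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return (verdict, reason) for one link taken from a message."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if not host:
        return "suspicious", "no hostname"
    if parts.scheme.lower() != "https":
        return "suspicious", "not HTTPS"
    if parts.username is not None:
        # Text before '@' is login data, not the site being visited.
        return "suspicious", f"real host is {host}, hidden behind '@'"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "non-ASCII or punycode host (lookalike letters)"
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted", f"{host} belongs to a trusted domain"
    if any(w in host for w in BRAND_WORDS):
        return "suspicious", f"{host} uses an Apple name but is not an Apple domain"
    return "suspicious", f"{host} is not an Apple domain"


def scan_message(text):
    """Classify every http(s) link in a message body."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        results.append((url,) + classify_link(url))
    return results


# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """Your lost iPhone has been found. Verify your Apple ID:
https://icloud.com.find-device.example/signin
https://appleid.apple.com@login.example/verify
http://www.icloud.com/find
Genuine address for comparison: https://www.icloud.com/find
"""

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE):
        print(f"{verdict:10} {url}\n           {reason}")
```

A "trusted" verdict only says the hostname belongs to one of the listed domains; typing the address into the address bar yourself remains the safer habit.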