The tracking capabilities of Apple devices through the network Where I’m a good one deterrent against theft of iPhone, iPad and Mac.
Not just because they allow you to locate the location of a lost phone, but also because they function as a last barrier against reactivating a stolen device. A thief or a fence, to perform a factory data reset, has to know the victim’s Apple ID credentials of theft, of which it is often not said that he even knows the name.
The functionality Where, which allows you to report an iPhone as lost (or stolen), it can providing unintentional help to the bad guys, especially if the owner decides to show his contact information on the lost phone or a phone number to call in case of finding. With this data thieves can indeed throw one targeted phishing campaign via sms, inviting the theft victim to enter their credentials on a scam site.
The guide
How to backup iPhone
at Antonio Dini
It really happens
It seems a remote hypothesis, and instead it is a fairly common occurrence, which we read on online forums and which we have been able to see firsthand, gathering the testimony of a victim, whom we will call Luca: “Immediately after the theft – he told – I proceeded to mark my iPhone 11 as lost, indicating on the phone an alternative number and that of my wife ”. In the following hours, the iPhone disappeared from the map of Where: the thieves had turned it off so as not to be traced. In the following hours no signal until they arrive two strange phone calls to the numbers indicated on the smartphone: “In both cases we answered, but after a few seconds the interlocutor hung up”.
Galeotto was the SMS
It was probably a test for the next step. On Luca’s new smartphone and his wife’s (a Samsung) two text messages arrive that seem to rekindle hope: “Your iPhone 11 has been found. Check the details of its location in https://www.repubblica.it/tecnologia/2021/08/04/news/se_vi_rubano_l_iphone_o_l_ipad_attenti_agli_sms_truffa-312887057/?rss Apple Support “. Luca does not click, but connects to iCloud from the app Where and he sees that the iPhone has really reappeared, for a very brief moment, inside a repair shop in a city in the North-West, about 300 kilometers from the place of the theft. Just long enough to get the address, and the iPhone disappears again. A little less than an hour later, another text message arrives the same as the previous one, but on his wife’s Samsung: Luca click on the link, enter the access data, but nothing happens.
Soon after the iPhone disappears not only from the map, but also from the list of Luca’s devices, in his iCloud account. The scam succeeded: someone used the credentials entered on the deceptive site to deactivate Where and restore the iPhone 11.
A well thought out scam
With hindsight it is clear that the text message sent to the emergency numbers was a scam. There is that “is” with the wrong accent, but above all that link, which leads to a site that has nothing to do with Apple. Despite these elements, the message arrived on Luca’s new iPhone could have fooled even the most attentive people. As you can see from the image above, the text message arrived with a generic Apple header, so as to end up in a Message conversation in which Luca had received an authorization code in the past really sent by Apple.
Not only that: the site linked in the sms worked correctly on the phone of Luca’s wife, from which the credentials were entered. On our iPhone, during some tests, it was instead immediately blocked by Safari as a potentially malicious site. And then there is that first reappearance of the iPhone, coinciding with the initial message: “It was probably the moment they turned it back on to get the phone numbers from the lock screen – Luca’s hypothesis – Nella excitement are fell into the trap when the second sms arrived, precisely because I was waiting to see the phone appear on the map again ”.
What to do in case of theft
In case you find yourself in the situation of the protagonist of this story, the advice is therefore to be very careful about the messages you receive. If you are sure that your iPhone has been stolen and not just lost, do not activate the function Where showing phone numbers on your smartphone. Also, remember that Apple never sends any connection link via text message, a now insecure communication channel that should also be avoided for receiving authentication codes.
To track the device always connect directly to iCloud, or use the app Where on another Apple device. Another very important step is enabling two-factor authentication, which in Luca’s case could have prevented stolen data from being entered into iCloud to disconnect the phone. On iPhone or iPad, it quickly activates from Settings, [Nome utente] e Password and security, with a tap its Enable two-factor authentication. Who was not familiar with iOS devices can follow the official Apple guide to about.
.