iPhone thieves may be able to pick up an iPhone, but thanks to “Find my iPhone,” breaking into them is such a headache.  

However, where there is a will, there is a way.

A scam was recently discovered: one that involves stealing the victim’s Apple iCloud username and password after the theft of the device.  Just as the victim can remotely lock and/or find their phone, thieves can use stolen credentials to unlock the phone and wipe out the device, making it much more attractive to buyers.

The way they have been stealing credentials is pretty clever.  After the device has been stolen (sometimes even months after), the victim receives a phishing message, stating that the iPhone linked to the stolen phone had been found, and that by clicking the link provided, the exact location of the device could be viewed.  The link takes the victim to a spoof page, complete with authentic-looking Apple logos, web addresses, and even pre-filled with the email address.

But alas, the site is fake, and the thieves can use the information provided to actually unlock the stolen device.

It pays to be wary.  Be sure to do your research before entering your sensitive information.  If it seems too good to be true?  It probably is.

Comments are closed.