Phishing awareness/alert 🚨A thread 🪡(1/11) My iPhone was snatched this weekend while I was waiting at the roadsi… https://t.co/98NNztbi0Y
— Vedant (@vedantkhanduja) 1636480491000
For those unaware, with the iOS 15 update, if your iPhone gets stolen and the thief decides to turn it off even then you will be able to track it. The only way someone can disable the FindMy app tracking is by removing the iCloud account of the owner of the iPhone. And this is exactly what the thieves did.
The thieves resorted to a phishing scam to steal iCloud login details from the user. The user got an SMS claiming that his lost iPhone 12 has been found and “temporarily switched ON”. The SMS also had a link to track the location. On clicking the link, the user was asked to login to his iCloud account to track the location of his lost iPhone. Little did he know that it was a phishing website and it was used to steal the login credentials of his iCloud account to turn off the tracking feature.
When an iPhone is marked as lost, it is remotely locked with a passcode and you can display a custom message with your phone number on your missing device’s Lock screen. As the custom message on the lost iPhone displays a phone number, scammers are now sending an SMS to that phone number with a link to a phishing website which looks exactly like the iCloud website. The SMS will have a message like: “Your lost iPhone has been found. Click here to view the location” along with the link to the phishing website.
The moment you click on this link to see the location of your lost iPhone, a fake iCloud website which looks exactly similar to the original one, will open and ask you to login with your iCloud ID and password. This phishing website simply steals your login information and sends it to the thieves so that they are able to unlock your lost iPhone and use it. After this is done, there’s little chance to get your iPhone back.