In a post last month, Brian Krebs related the case of an iPhone user in Brazil who, in attempting to recover their phone, suffered a rather insidious phishing attempt. We also had received an almost identical firsthand account — from someone in Israel.
A modest web search immediately turns up reports from many countries of iPhone theft victims activating “Lost Mode” in Find My Iphone, which sends a separate phone number or email contact to the device, and for their trouble receiving in reply a link to a faux iCloud login page, whose design might not pass muster with Jonathan Ive, but to the less discerning and desperate theft victim can be convincing enough.
Cyren researchers were able to connect the URLs used in this Israeli case to other registered domains and broader phishing schemes, which provided some insight into the phishing-as-a-service ecosystem (PhaaS, anyone?), as we discussed in a blog here last June, and in our special report on phishing published in August.
What gives pause is to consider that such an “industry” has become so fully evolved in so many places, requiring the connection of a presumably low-tech thief to (usually) an iPhone hardware-savvy “repair” shop, who in turn makes the connection to the extremely sophisticated phishing operator.
How the Scam Works
A criminal steals the iPhone. The owner of the phone realizes the phone is missing and initiates the “Find My iPhone” feature by logging into his Apple iCloud account or using the “Find My iPhone” app that he has installed on another Apple device, such as an iPad.
The owner of a lost or stolen iPhone displays a message on the phone using the Find My iPhone feature.
When the “Find iPhone” icon is clicked, a map appears providing the location of the phone, along with an option to turn on “Lost Mode”.
By using the “Lost Mode” feature of Find My iPhone, the phone’s owner can display a custom message on the screen of the lost device. Apple helpfully suggests “…you may want to indicate that the device is lost or how to contact you.” The phone’s owner enters contact information (such as an alternate phone number he can be reached at or an email address) and that contact information appears on the screen of the lost iPhone.
Want to learn more about cloud-based email & web security? Contact us here!