A quick story of a stolen iPhone and subsequent phishing attempt.
My iPhone 11 Pro Max was stolen a week ago (on Sat.26.Sep.2020). The thief walked into the empty (due to Covid) small London independent fast food restaurant I was in while grabbing some food. He put a map in my face babbling away in non-English, while quickly slipping my iPhone off my table and storming out and vanishing onto a busy street. As a reasonably streetwise Londoner, I wouldn’t typically have been taken in, but these thieves are cunning!
Obviously, I immediately reported the theft to the Police, my carrier (my SIM card has a PIN set, so couldn’t be used by the thief), and used Apple’s Find My app on my iPad Pro to set the iPhone to erase.
The thief clearly turned it off immediately, as unfortunately, so far the device has seemingly only been turned on once, for a very brief time, since being stolen (on the other side of the city), thus the Find My device erase function still shows as Pending, and at the moment looks highly unlikely to ever be completed. I will therefore remove the stolen iPhone from my account after I buy a replacement in a couple of weeks. (Silver lining: home insurance paid out £1400 of the £1500, and as the iPhone 12-series arrives in 2-3 weeks, I’ll simply wait to get a new one of those!)
Phishing SMS attempt (linking to fake Apple website).
This is the weird thing…
Today, exactly a week later (on Sat.03.Oct.2020), another family member on my Apple iCloud Family plan received an SMS (not an iMessage) from a sender with no phone number, featuring the following text+URL (note ‘Mike Smith’ is not my actual name for security reasons!):
Dear Mike Smith,
Your lost iPhone 11 Pro Max is online and connected to the internet.
Track live location: http://maps-findmy.com/fmis/474K
Note that this fake Find My URL only works at the full URL directory address (http://maps-findmy.com/fmis/474K), but shows a 404 page at the top-level domain (http://maps-findmy.com). You can open these URLs; they do nothing malicious directly (obviously don’t enter your A-ID details!).
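As an added example (not part of the original post), here is a small triage check a mail/SMS filter or help desk could run over a message like the one above. The allow-list of Apple hosts and the list of lure words are assumptions chosen for illustration, and `triage_sms` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains we accept for Find My / Apple ID pages.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
# Assumption: brand-like words that are suspicious in a host off the allow-list.
LURE_WORDS = ("findmy", "find-my", "icloud", "apple")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# SMS text as quoted in the post.
SAMPLE_SMS = (
    "Dear Mike Smith,\n"
    "Your lost iPhone 11 Pro Max is online and connected to the internet.\n"
    "Track live location: http://maps-findmy.com/fmis/474K"
)

def host_is_trusted(host):
    """True only for an allow-listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage_sms(text):
    """Return one finding per URL in the message, with the reasons it looks off."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if not host_is_trusted(host):
            reasons.append("host not on allow-list")
            if any(word in host for word in LURE_WORDS):
                reasons.append("brand-like word in untrusted host")
        if parts.scheme.lower() != "https":
            reasons.append("plain http")
        if "@" in parts.netloc:
            reasons.append("userinfo in URL")
        findings.append({"url": url, "host": host, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_sms(SAMPLE_SMS):
        print(finding["host"], "->", ", ".join(finding["reasons"]) or "no flags")
```

The suffix match in `host_is_trusted` is deliberate: a substring test would accept a constructed host such as `icloud.com.example.net`, which this check rejects.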
Questions that arise.
Given the text in the SMS says my stolen device was “online and connected to the internet”, as a user, I’m left wondering the following security questions:
How did the thieves get my family member’s contact info, in order to send her a phishing attempt SMS for my stolen device?
How did the thieves get my name, as the SMS clearly has my full name on it (as you can see above)?
Anyway, as advised after phoning AppleCare, I emailed their phishing report email address (firstname.lastname@example.org), attaching two screenshots (family member’s SMS message received on her iPhone, & my iPad Pro’s screen of the fake Find My phishing website).