Yes, and this deliberate. Caller ID is not an actual trace, but a presentation of a number generated by the sender’s call center (which might be a corporate PBX).
Anybody running a PBX can configure it to generate any caller ID number. This is important because (for example) a call from a company’s support organization will want it to show the main support line, not the tech’s extension. Calls from a political campaign will want to show the campaign’s main number. People working from home will want their work number, not their home number to be shown.
Unfortunately, these legitimate uses also make it easy for scammers to forge any number they want as well.
{re-post; forgot to redact pics on original post.}
The plot thickens… Sat.24.Oct.2020 (exactly 4-weeks since device stolen).
• 5:03pm:
I receive a legitimate email notification from Apple saying my device is being erased (and the FindMy app/browser confirms this). After logging-in to FindMy, no final location is given; the only option it now offers me is to “Remove This Device” – which after the above advise (thanks @stottm et al.!) and all the crap these scammers are wasting my time with; ain’t gonna happen!
• 5:07pm:
I receive a second legitimate email from Apple, saying “Activation Lock is requesting your password on [My Name]'s iPhone (iPhone 11 Pro Max)”. I’m presuming the thieves are able to request this at their end on the stolen device now it’s erased and location tracking thus stopped (or perhaps Apple auto-send this message out as a reminder?). Either way: ignored.
• 5:27pm:
Two family members receive two copies of another version of the original SMS from thieves again, saying device found and a new URL to another fake Apple FindMy website (tried an hour later; and the link is dead, just like the first one).
EDIT:
The one thing I find Apple completely lacking in here, is offering users of specifically STOLEN devices any direct advice that removing the device from your FindMy account is not advisable as it then re-enables the Activation Lock sign-in on the device.
It’s almost like they don’t want to admit to users that they have to keep the device on their accounts for a [unknown? perhaps couple of years] length of time to stop thieves using the device internationally. Sure, there’s the IMEI Blacklisting I previously mentioned (here), but that’s not truly failsafe in blocking across most networks globally, so isn’t really to be relied on entirely.
As I recall, I found that setting with no explanation of what the effect was, so I left it alone. (I didn’t search for an explanation.) Is it as simple as requiring a code when the phone is started and nothing more? Or is there something else in play?
@Will_M
Yes, Google your carriers default, then set your own (6+ digits recommended).
Whenever you turn the phone off and on again, you’ll first be asked the phone PIN, then this SIM PIN you previously set.
Yep, Apple doesn’t explain it but I would still keep it there for a good long while otherwise the thieves win and get to re-use that iPhone thus perpetuating theft. Much like paying ransomware or kidnappers it only encourages the bad behavior. Really, leaving it in the list of devices won’t impact you in any way shape or form.
In the corporate world where we use MDM servers to manage Apple devices, when one is stolen we wipe it remotely and move it to a secondary MDM server for stolen devices. Where we have different policies and such. We remove the activation lock but the device is still going to phone home to our server and checkin wherein we can do interesting things like collect all the bluetooth and wifi connections collect GPS coordinates, collect nearby WiFi and bluetooth devices and if they put their personal data on the device we can get a hold of that. We can also have the encryption keys. This is more flexible for Macs than iOS/iPadOS but you can still do a lot. Then we have our legal department engage with the police and feed them the evidence.
Sounds useful. Shame us non-MDM users couldn’t have such an option, or something else of use.
…wonder if 9am tomorrow morning I’ll get another silent call or two, as per last week.
[EDIT: No silent calls today. Maybe they’ll try later this week, to break it up a little or something, lol!]
When I searched for the default SIM PIN for Boost Mobile, I found some discussions that said I needed to contact Boost. Since customer service is not Boost’s strong suit, it’s on my list of things to do rather than something I have done.
Edited to add: I chatted with Boost and got the PIN (1234, which the tech said was the default PIN for every SIM in the known universe), and now I have a non-default SIM PIN.
