We’ve previously detailed some of the strategies and technologies being developed by hackers and thieves to bypass the security on iPhones. But we recently spotted a new tactic, thanks to a Reddit user, that’s both extremely devious and extremely clever. Here’s how the scam works — and how you can protect yourself.
Normally, Apple’s Activation Lock and Find My iPhone protect devices from being wiped and resold by thieves. Without the user’s passcode and possible 2FA authorization, a stolen iPhone is essentially useless to a thief.
To get around this, thieves have relied on getting users to log out of iCloud. Sometimes, that happens at gunpoint. Other times it can happen through sophisticated phishing techniques. Here’s the story.
An iPhone owner left their device in a Lyft and was not able to recover it.
The owner’s family member put the device into Lost Mode and placed their own phone number onto the display so they could be contacted if the iPhone was found. This is when the phishing attempts started.
After three days, the family member received a text message claiming that the lost iPhone was found. It included a sketchy link, presumably to a phishing webpage.
And today, the family member said on Reddit that they received a phone call that appeared to come from 1-800-
The caller said that the iPhone had been found and that they wanted to return the device. The family member told the scammers to call the actual owner of the device — and, as they note, that’s when things “went off the rails.”
The thieves said that they would ship the device back to the owner. But in order to ship the device, the scammers said that Find My iPhone would need to be disabled.
While the iPhone owner did not give up the passcode, the thieves were able to walk him through disassociating the device from his iCloud account.
When they contacted Apple Support, the staff member said that she couldn’t think of any way to re-associate the device with an iCloud account remotely. In other words, the thieves were likely able to wipe the device on their end.
Security & Privacy Tips
Losing your iPhone obviously results in a bad day. But hope isn’t necessarily lost if you have iCloud enabled and Activation Lock turned on.
While we still recommend turning on Lost Mode and leaving a phone number on your iPhone’s screen, you should be aware of phishing attempts coming your way.
We’ve covered techniques for getting a lost or stolen iPhone back, but here are some best practices to protect yourself from this specific scam.
- Ignore any messages or calls appearing to come from Apple. It’s not likely that Apple itself found your device — and even if it did, the company doesn’t cold call users. If you’re worried, contact Apple directly through a verified number.
- Apple staff will never ask for your login credentials or iPhone PIN. Don’t ever give them out.
- You should not deactivate Find My iPhone or log out of iCloud on a lost or stolen device for any reason. Being asked to do so is a major red flag. Once you do, your iPhone is as good as gone.
- Going back to the Find My app and regularly checking your lost device for any pings is your best bet at recovering it.
- We also recommend reporting your iPhone as stolen to your local authorities and your carrier.