Criminals Devise new Phishing Tactic by Using Stolen iPhones

Internet criminals have an easy time coming up with new ways to take advantage of unsuspecting consumers. iPhone users have become a popular target for thieves looking to obtain these expensive devices. Unlike what most people expect, once your iPhone is stolen, that is only the beginning of one’s concerns. It appears these victims are targeted by phishing campaigns shortly after the theft occurs.

iPhone Theft Victim Face Multiple Threats

It is not uncommon for crooks to steal mobile devices from unsuspecting users. Whether they look for devices left behind by accident, or take drastic measures such as mugging people on the street, iPhones are a prized possession these days. Unfortunately, recovering the stolen phone seems to be rather tricky.

In one particular case, a woman was robbed and her iPhone was stolen. Once her husband texted the device’s mobile number to ping its location, he got an answer back. In this message, thieves claimed the device was retrieved and included a hyperlink to show the location on a map. Unfortunately, clicking this link opens up a new can of worms, as the URL redirected to a phishing page which mimics Apple’s site.

The “Find my iPhone” app has become very popular as of late, mainly due to people worrying about losing their device by accident or by having it stolen from them. In this incident, the husband used his phone to text his wife’s stolen device and plead with the robbers to buy it back from them. While the messages he received back mimic those of the Find my iPhone app, the URL redirected the man to a phishing site asking for his Apple ID credentials.

Thankfully, the man noticed something was fishy about this page and decided not to log in. However, it is evident a lot of less tech-savvy users may fall for this phishing trick, as everything looks to be as legitimate as it possibly can. It takes some knowledge to figure out this phishing site is hosted by a free web hosting service provider, rather than being an actual Apple domain. A clever attempt, but one that may not be as successful as the criminals would like.

This is why this first phishing attack is only part of the potential threat to occur once somebody’s iPhone is stolen. The man received an automated call on his mobile two days after being sent the link to the phishing site. It sounded a lot like Siri, informing the man to check his SMS inbox for more information. This indicates the thieves are going to great lengths to make people believe the SMS message with the URL is 100% legitimate.

Criminals are becoming far more sophisticated when it comes to targeting new victims. All it takes is stealing a device and trying to trick users into giving up their Apple ID credentials. It is unclear what they hope to do with this information, albeit it is evident they will use it for some nefarious purpose. iPhone users should always take the appropriate steps to deal with device loss or theft, as well as back up their data to a computer at regular intervals.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.