Fraudsters are using iCloud phishing to steal iOS devices

How to use Face ID on the iPhone X
How to use Face ID on the iPhone X (Image credit: iMore)

Mobile security company TrendMicro's research team published a blog post last week detailing findings they've uncovered regarding the theft of iOS devices. In their investigation, they found an alarming intersection of physical crimes and online scams: fraudsters are using phishing techniques to unlock the iPhones they've stolen.

According to TrendMicro, this is a worldwide phenomenon, with individuals from Ireland and the U.K. to India, Argentina, and the U.S. being targeted. The global market for stolen iPhones is vast and, as the company notes, profitable:

Last year, stolen iPhones were sold in Eastern European countries for as much as $2,100. In the U.S. 23,000 iPhones from the Miami International Airport, valued at $6.7 million, were stolen last year.

Essentially, once an iPhone is stolen, the thieves will spoof an email or SMS text that looks as though it's from Apple to send to the victim saying that their phone has been found and asking them to click a link to move forward in the retrieval process. However, once the victim clicks that link, it compromises their iCloud credentials, which subcontracted third-party iCloud phishing services will then use to unlock the device. These phishers use tools such as MagicApp, Applekit, and Find My iPhone to complete this task. When it's all finished, the device is resold in "underground and gray markets."

So, knowing all this, how do you keep your device safe? TrendMicro advises the following:

  • First and foremost, use common sense. If a link seems even remotely suspicious, don't click it or input any personal information. It's better to wait a little longer for your missing phone and verify that it is actually Apple contacting you than to jump on a fishy email just because you're eager to retrieve your device.
  • Use best practices when it comes to securing your tech. That means setting up fingerprint scanning or Face ID, setting a passcode, enabling two-factor authentication on your iCloud account, and setting up or enabling any other security features, i.e., Find My iPhone and auto-locking.
  • Regularly back up your phone so that if the worst happens, you won't lose everything.
  • Report the device's loss or theft to your carrier to deter fraudsters from reusing it.
  • Do your research when purchasing a phone secondhand. The Cellular Telecommunications Industry Association (CTIA) has a website where you can check if an iPhone has been blacklisted or stolen by verifying the phone's serial number.

For more information, check out TrendMicro's original blog post.

Questions?

We're happy to answer any further questions you may have regarding iPhone security. Give us a shout in the comments, and we'll get back to you as soon as we can.

Tory Foulk

Tory Foulk is a writer at Mobile Nations. She lives at the intersection of technology and sorcery and enjoys radio, bees, and houses in small towns. When she isn't working on articles, you'll likely find her listening to her favorite podcasts in a carefully curated blanket nest. You can follow her on Twitter at @tsfoulk.