By FDI Creative Services on 02/24/2017
Category: Krebs on Security

iPhone Robbers Try to iPhish Victims

In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone, offering to buy back the locked device, he began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to a phishing page mimicking Apple’s site.

Edu Rabin is a resident of Porto Alegre, the capital and largest city of the Brazilian state of Rio Grande do Sul in southern Brazil. Rabin said three thugs robbed his wife last Saturday in broad daylight. Thankfully, she was unharmed and all they wanted was her iPhone 5s.

Rabin said he then tried to locate the device using the “Find my iPhone” app.

“It was already in a nearby city, where the crime rates are even higher than mine,” Rabin said.

He said he then used his phone to send the robbers a message offering to buy back his wife’s phone.

“I’d sent a message with my phone number saying, ‘Dear mister robber, since you can’t really use the phone, I’m preparing to rebuy it from you. All my best!’ This happened on Saturday. On Sunday, I’d checked again the search app and the phone was still offline and at the same place.”

But the following day he began receiving text messages stating that his phone had been recovered.

“On Monday, I’d started to receive SMS messages saying that my iPhone had been found and a URL to reach it,” Rabin said. Here’s a screenshot of one of those texts:

The link led to a page that looks exactly like the Brazilian version of Apple’s sign-in page, but which is hosted on a site that allows free Web hosting.

Rabin said he didn’t fall for the ruse, but that he imagines the scam would trick quite a few people who have lost their iPhone and are anxious to get it back.

Leave the “icloud” off the end of that texted URL and we can see a phony copy of Apple’s “Find My iPhone” login page that is still live (the hosting provider has been notified):

A “Find my iPhone” phishing page used by the robbers.
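The lure above works because the Apple branding sits in the link's path and page content while the host is an unrelated free-hosting site. As an added example (not from the original article), here is a small Python check that classifies links found in an SMS by their hostname; the allowlist, brand-token list, sample message and the `freehost.example` host are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Apple hosts for this check.
APPLE_DOMAINS = ("apple.com", "icloud.com")
# Brand words a lure is likely to place somewhere in the link.
BRAND_TOKENS = ("icloud", "apple", "findmyiphone", "iphone")
URL_RE = re.compile(r"https?://\S+|\b[\w-]+(?:\.[\w-]+)+/\S*", re.I)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def host_is_apple(host):
    """True only if host is an Apple domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def classify_link(url):
    """Return 'apple', 'brand-lure' or 'unrelated' for a texted link."""
    if not SCHEME_RE.match(url):
        url = "http://" + url          # bare links such as icloud.com/find
    parts = urlsplit(url)
    if host_is_apple(parts.hostname or ""):
        return "apple"
    # Brand text anywhere else (userinfo, subdomain label, path, query)
    # on a non-Apple host is the pattern seen in the texted link.
    haystack = (parts.netloc + parts.path + "?" + parts.query).lower()
    if any(tok in haystack for tok in BRAND_TOKENS):
        return "brand-lure"
    return "unrelated"


def scan_sms(text):
    """Extract links from an SMS body and classify each one."""
    links = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in links]


# Constructed sample message; the host is a placeholder, not the real lure.
SAMPLE_SMS = ("Your lost iPhone has been found. View location: "
              "http://br-device.freehost.example/icloud")

if __name__ == "__main__":
    for link, verdict in scan_sms(SAMPLE_SMS):
        print(verdict, link)
```

The decision rests on the parsed hostname only, so brand words in a path, a subdomain label or the userinfo part of a URL never make a link count as Apple's.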

But the scammers didn’t stop there in trying to phish the Apple ID and password for his iPhone account. Rabin said that just two days later, he received an odd, automated call on his mobile.

“It came from a strange number and a voice sounding like Siri or the [Google] Waze voice, informing me that my iPhone had been found and to look for my SMS for more info,” Rabin said. “That’s when I thought I had to tell this story to someone. To me, it really got to another level, connecting the lowest kind of criminals to a high profile one (probably went to school and college) that can buy (or even create) this kind of scam.”

The high cost of smartphones makes mobile device theft a serious problem everywhere in the world, not just Brazil. If you use an Apple device, it’s a good idea to turn on the “Find My iPhone” feature using the Find My iPhone App, so that if the device gets lost you can locate it by signing into icloud.com/find.

If your Apple device is lost or stolen, check out Apple’s advice on how to manage the loss, depending on the severity of the situation. In Rabin’s case, even though the phone is currently turned off, he has the options to put it in “Lost mode,” “lock it,” or “remotely erase it.” The next time your device is online, these actions will take effect.

Also, try to make a habit of regularly synching your device to your computer, so that in the event your phone is lost or stolen your data is backed up and you don’t have to worry about remotely wiping important data that may not already be saved locally.



Tags: apple, Edu Rabin, findmyiphone, iPhone

This entry was posted on Friday, February 24th, 2017 at 4:21 pm and is filed under Other.
