IPhone Theft Leads to Stolen Apple Credentials Through Phishing Attack

The link between traditional criminals and cybercriminals can make a bad situation worse for victims of traditional crimes. A case in point is that of a woman who had her iPhone stolen during Chicago’s annual Lollapalooza. Of the hundreds who had their cellphones stolen or lost during the music festival, one woman’s attempt to find her iPhone led her to a phishing scheme that stole her credentials.

The victim shared her experience with the local news outlet CWBChicago to warn others. Like a regular phishing scheme, she received a seemingly legitimate text message with a link to what looked like the Find My iPhone webpage. She only realized that the text message and the webpage were fake after she had entered her credentials, because soon after criminals were able to access her account and wipe her stolen iPhone clean.

Although it’s easy to say that the entire case could’ve been avoided had the woman simply recognized the telltale signs of a phishing attack, criminals do have the ability to create phishing sites that can trick even the most cautious of users.

Forbes had reported how the cybercriminals can use a technique called a homograph attack to make their phishing sites’ URL look legitimate — no misspellings or subtle typos necessary. All they need is for certain letters to have a Cyrillic equivalent.

In addition, this combination of physical theft followed by a phishing attack has been present since 2017. Trend Micro reported on an earlier case that showed how this link could lead to different consequences. The victim, whose cellphone was stolen earlier, receiving phishing emails after the thieves gained access to his social media account.

Further investigation into the 2017 case revealed that attackers likely tried to steal the Apple ID credentials of stolen phone owners, using a phishing page and a socially engineered SMS message pretending to be Apple. We found that an iCloud phishing page was being peddled in the cybercriminal underground at the time. Gaining user credentials would allow criminals to disable the Activation Lock feature in iOS devices and let them wipe the stolen iPhone, which is what likely happened in this recent case.

Both old and new incidents shed light into the modus of stealing smart phones not just to resell them, but to use them for further cybercrimes. Smart phones, after all, contain a trove of personal information and access to several social media, email, messaging, and financial accounts.

Security recommendations

It is important to acknowledge that cybercrimes and physical crimes don’t exist in silos. Criminals would likely use any means to get the most profit from their activities, and this could involve a combination of methods. At the same time cybercrime continues to evolve to trick more victims and evade defenses.

Users should still remain wary of phishing red flags, adopt BYOD best practices, and enable security settings for their devices and apps. Users should also pay attention to the physical security of their mobile phones. Given the wealth of information they now contain, users should also have systems in place in case they do lose the device.

Users can also benefit from installing multilayered mobile security solutions such as Trend MicroMobile Security for Apple devices (available on the App Store) that can monitor and block phishing attacks and other malicious URLs. For organizations, especially those that use BYOD devices, Trend MicroMobile Security for Enterprise provides device, compliance, and application management, data protection, and configuration provisioning, as well as protect devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.