Cybercriminals are outdoing themselves by inventing new ways to extort data. Now Italian fraudsters have shown a rather unusual amount of creativity, trying to unlock the stolen iPhone of a Polish woman. The case was just described by an industry expert
They stole an iPhone, but that wasn’t the end. They “asked” for a code and password
The daughter of one of Niebezpiecznik’s readers had her iPhone stolen on a tram during her stay in Italy. The smartphone was, of course, password protected, a locked iPhone is of little value to a thief. Without knowing the password, it cannot be unlocked, and even after clearing the memory, the smartphone will still be useless because it remains connected to the owner’s account. Theoretically, all data remaining on the device should be safe because a thief cannot read it and can only delete it.
As the portal describes, when the reader’s daughter realized that she had lost her smartphone, she borrowed a phone from a random person and called her father. The latter, in turn, marked the iPhone as lost in Apple’s “Find My iPhone” service. He also included a message asking for the return of the device and his phone number. The thief was obviously just waiting for this. Two hours after losing the phone, the reader received an SMS that was supposed to resemble a message from Apple.
“Dear customer, your IDevice 12 64GB silver has been found. View locations: https://next.gazeta.pl/next/7,151243,30200719,oszusci-wiedza-jak-odblokowac-kradzionego-iphone-a-sami-poprosili.html” – was the message as received by the reader. The sender signed himself as “FindMy-Support”, which was supposed to suggest that the message was generated by the Find My service from Apple. Moreover, instead of the phone number in the sender field, only the name “FindMy” was displayed. , which was intended to make the fraud even more credible. Moreover, although the iPhone was stolen in Italy, the message was in Polish (but written without Polish characters).
Niebezpiecznik explains that the link led to a crafted scam website that strongly resembled the original Find My website located at apple.com. In order to allegedly learn the location of the iPhone, the fake website required both the lock code and the AppleID password to be entered. If the reader or his daughter provided this information, criminals would have everything they need to unlock the screen and unsecure the iPhone, then wipe and sell the device.
It is difficult to say whether the thief intended to use phishing to extort iPhone unlocking data, or maybe he sold the smartphone to someone who had previously crafted websites and knew how to operate. The reader of Niebezpiecznik and his daughter were not fooled, but this example shows that even the strongest security measures are meaningless if we unknowingly provide all the passwords to the fraudsters.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
