
iPhone Stolen? Watch Out For This Phishing Attack

At one point or another, we've all misplaced our smartphones — and now that headache comes with the added price of becoming a target for attackers. This is according to a report that shows how phishing attacks are taking aim at folks who have had their iPhones lost or stolen.

Image: Shutterstock / guteksk7


According to independent security expert Graham Cluley, who posted the news on security firm Bitdefender's Hot For Security blog today (August 2), one of the targets has been Joonas Kiminki, the co-founder and managing director of a Drupal coding company in Finland. After thieves poached Kiminki's iPhone 6 out of an automobile he rented, he took all of the responsible steps that one should take, and those are the very measures that attackers prey upon.


Kiminki started by marking the device as lost in the Find my iPhone app, enabling an email alert for when it comes online and sending it a text message to appear on the device's screen. And because the device was tied to his iCloud account, only he could reset it or deactivate it. You can imagine his elation when, 11 days after the theft, he received an SMS and an email notifying him that the iPhone had been found.

The email from "Apple," which Google Inbox did not flag as suspicious, showed a street location and correctly named his device, and it didn't look suspicious at all. And while Kiminki says he felt a temporary "moment of excitement," his experience as a coder gave him pause before he could enter his iCloud login credentials on the web page that the email and text sent him to.

Image: Hot For Security / Medium


The first thing Kiminki noticed was that the address, show-iphone-location.com, seemed off. Secondly, this login page, which looked a lot like Apple's own iCloud entry site, didn't bear the green lock icon in the address bar that signifies a secure, encrypted connection.

So, unlike most users, who would likely be so elated at the possibility of being reunited with their expensive lost device that they would tap in their username and password as fast as they could, Kiminki didn't submit his login credentials to this fraudulent webpage. This suspicion saved him from what he believes to be a phishing attack aimed at gaining the iCloud credentials necessary to free the stolen device from his control.

Further investigation showed that the email Kiminki received came from "icloud.insideappleusa@gmail.com," an address that is clearly far from official. It also showed that the fake iCloud login page performs a shake animation after users enter their account credentials and claims that the account name or password entered is invalid. The username and password are then recorded in a file, so the hackers can use them to take full control.

The takeaways from Kiminki's close call are simple. Expect to be targeted if you lose a device, and make sure to turn on Apple's two-factor authentication. And always check the little things when you receive emails that claim to be from important companies: the address of the sender, the URL their link points toward, and whether that page is secure.
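
The three checks above (sender address, link destination, secure connection) can be applied mechanically, as in this added example, which is not code from the article or from Kiminki's write-up. The trusted-domain list is an assumption, and the URL scheme, paths and the passing sample are constructed; only the sender address and the domain show-iphone-location.com come from the article.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains accepted as genuine for Apple/iCloud mail and sign-in pages.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")


def in_trusted_domain(host):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Compare on a label boundary, so "icloud.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(from_header, link):
    """Return the reasons a 'device found' message fails the three checks."""
    findings = []

    # Check 1: the real address, not the display name ("Apple"), decides.
    _, address = parseaddr(from_header)
    sender_domain = address.rpartition("@")[2]
    if not in_trusted_domain(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not an Apple domain")

    # Check 2: where the link really points (urlsplit ignores any user@ prefix).
    url = urlsplit(link)
    if not in_trusted_domain(url.hostname):
        findings.append(f"link host {url.hostname!r} is not an Apple domain")

    # Check 3: the page must be served over an encrypted connection.
    if url.scheme != "https":
        findings.append(f"link scheme {url.scheme or 'missing'!r} is not https")

    return findings


if __name__ == "__main__":
    samples = [  # (From header, link); schemes and paths are constructed
        ("Apple <icloud.insideappleusa@gmail.com>", "http://show-iphone-location.com/"),
        ("Apple <noreply@email.apple.com>", "https://www.icloud.com/find"),
        ("Apple <x@icloud.com>", "https://icloud.com.show-iphone-location.com/"),
    ]
    for sender, link in samples:
        problems = triage(sender, link)
        print(link, "->", problems or "passes all three checks")
```

Passing these checks does not prove a message is genuine; failing any of them is reason enough not to enter credentials.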