Experts explain the most common steps criminals take to get your ID from Apple and be able to use the device
The theft of an iPhone triggers a complex process for thieves to deploy social engineering techniques against the user. It is logical, a device disconnected from an account ID of Apple It can be sold at a much higher value in the market of used phones.
Therefore, if the thieves have not managed by their own means the username and password of the victim's iCloud, the first thing that criminals do is disconnect it so that it cannot be located from the "Search my iPhone" application.
The victim can still remotely erase the data at the time the iPhone connects to the Internet, but this is impossible to do if the thieves do not connect it. After this, the next step is to remove the SIM card to find out the victim's phone number.
Once the victim activates their replacement SIM card, they receive an SMS identical to a legitimate notification of the "Find my iPhone" service from Apple asking him to detect the location of the stolen phone through what appears to be an official iCloud website (icloud.co.com for example). However, after a more detailed inspection, you should realize that the address "icioud (dot) co (dot) com" It is written with a capital "i", instead of a lowercase 'ele'.
To avoid "phishing" (impersonation of a legitimate source) you have to be very attentive to the SMS received since the letter that has actually been included in the address is not visible to the naked eye. This link refers to a web page that is where the user must pay the utmost attention so as not to complete the form requesting their ID account information. In case of falling for this trick, the thieves will try to contact the owner of the iPhone through a phone call pretending to be representatives of a customer service center.
On the call, they describe the device and offer to return it. If the robbery victim believes it, the scammers ask you to look for the phone in a specific place. The victim may try to ask questions about the iPhone or their encounter to try to catch the thieves.
The thieves, following the history of the customer service center, can provide a page where the user can see that their iPhone appears as missing. But, to know if it is a lost phone, the first thing to do is turn it on.
Then the phone will show a notification about the loss with a phone number to contact the owner. In this way, if someone tried to call the contact number, they would connect with the alternative number that the victim has provided, and not the one of the SIM card in the iPhone.
Also, during the call, the victim can check again if his phone has connected to the "Search my iPhone" application. If the thief notices, he can suggest to the victim that the iPhone may have connected to another ID Apple.
At this point, from the supposed customer service they can ask the victim to provide their username and password to eliminate the link with the stolen phone. In reality, the victim would be giving the thieves a way to turn on and reuse the phone without risk of being discovered.
If the victim does not fall into this trap either, the thieves no longer have space to continue acting, although they can continue sending some SMS with "phishing" in case the iPhone owner gives them their password. If initially the owner activated the way to erase the iPhone, if it comes to contact at any time, then it will be disabled, So thieves will have to settle for selling it as a spare.