Losing your phone is probably the worst thing that you can imagine right now. Now, while tools like Find My from both Google and Apple make things better in terms of relocating a lost phone and peace of mind, in case one loses their phone. However, hackers have found ways to bypass these measures put in place by manufacturers to avoid theft and loss. A similar case has been reported by India Today, where an iPhone 12 user in Delhi’s iPhone 12 was snatched by thieves, who later showed quite some smarts to dupe Vedant Khanduja of his Apple ID and password as well after stealing his phone.
According to a Twitter thread cited by India Today, Khanduja said that his phone was snatched, and when he tried to locate is by logging in to the Find My app in order to locate it, the system was unable to get the exact location of the device. He then put his iPhone in Lost Mode, alerted the police, and blocked his SIM card. In Lost Mode, nobody apart from you can access your information even after turning the iPhone. “Your device does not display alerts or play a sound when you receive messages or notifications, or if any alarms go off. Your device can still receive phone calls and FaceTime calls. Apple Pay is disabled for your device. Any credit or debit cards set up for Apple Pay, student ID cards and Express Travel cards are suspended for your device. Apple Pay and student ID cards are suspended even if your device is offline. Express Travel cards are suspended the next time your device goes online. You can resume using suspended cards on your device after you unlock it and sign in with your Apple ID,” Apple says on its Support Page.
Couple of days later, after unsuccessful attempts at locating his smartphone, Khanduja received a message that said “Your lost iPhone 12 Blue has been found and temporarily switch ON. View location,” along with a link with words like iCloud, find my, map, and more. Panicked, he opened the link, which showed an area around Safdarjung in Delhi and asked him to log in to iCloud to continue seeing. He did so, in a panicked state, but was shown the same graphic again and again.
He soon got an email saying that his Apple ID was accessed from a Windows desktop. The user then hurriedly changed the password and removed the location. But it was too late, his stolen iPhone was removed from the Apple ID and the Find My was also switched off.
“The link in the message I received was not from apple but from the scammer/thief. When prompted to sign to iCloud,” Khanduja said. It sent the ID and password to the person who had sent the message. They got the credentials, got into Apple ID through Windows, and removed the stolen iPhone.
This case shows us exactly how vigilant we have to be. While it is strongly recommended that you keep Find My on at all times, and despite that, you need to be super vigilant about what links you are clicking and where you are entering your credentials.