We have all heard stories of Apple’s Find My helping people find their lost or stolen devices. In many cases, even where the police looked helpless, the Find My service has helped consumers. But today we came across a bizarre and scary incident from the heart of India’s capital, Delhi. An iPhone user named Vedant had his iPhone snatched while he was on his bicycle to calibrate his smartwatch’s GPS via the iPhone. The incident happened at around 7:50 pm at Vikaspuri Outer Ring Road, opposite Pastry Palace. Within 20 minutes of the incident he tried to use Find My iPhone from a Mac, only to find that his phone was offline and no location data was being shared.
He followed the standard protocols as per law. He reported the incident to Delhi Police within an hour and contacted his carrier to block the existing SIM card. Meanwhile, he switched to a spare iPhone and turned on ‘Lost Mode’ for his stolen iPhone. He turned on Lost Mode so that he would get a notification if anyone connected his iPhone to any Wi-Fi network, and so that no one would be able to use the iPhone or reset it.
He lost his iPhone on a Saturday evening, and on Monday at 4:50 PM he received a text message that said, ‘Your lost iPhone 12 Blue has been found and temporarily switched ON.’ The text also contained a link that he was to follow to see the location of his lost iPhone. He followed the link and saw an area near Safdarjung being shown, followed by a prompt to log into his iCloud. When he logged in, the same location was shown, and a moment later he got an email saying that his iCloud account had been accessed from an unrecognised Windows PC. Though he immediately changed his Apple ID password and removed the unknown device, his stolen iPhone had already been removed from his account and Find My had been switched off.
So, what went wrong? Vedant was the victim of a phishing scam, combined with a precise roadmap that the scammers followed. His iPhone 12 was snatched on a Saturday evening. Because the miscreants had their hands on the phone before the SIM card could be blocked, they took out the SIM and used it in another phone to call someone and so learn the victim’s phone number. Once they had the victim’s phone number, they simply waited patiently for the victim to get a new SIM card with the same phone number. They didn’t use the stolen iPhone at all.
Two days later, when the scammers were sure that the victim must have had the number reissued on a new SIM card, they sent him the phishing link, where he himself provided his Apple ID and password. Once the scammers had his Apple ID and password, they logged into his account from a Windows PC and removed his lost iPhone 12 from the account, so that Lost Mode could no longer function and they could do whatever they wanted with the stolen iPhone. Here’s the full thread where he narrated the whole incident.
Phishing awareness/alert 🚨
A thread 🪡
My iPhone was snatched this weekend while I was waiting at the roadside and using my phone. A pretty common scenario in Delhi from the past few years.
— Vedant (@vedantkhanduja) November 9, 2021
Mysmartprice reached out to Vedant to hear the whole story and understand the facts with more clarity. We asked him whether he had informed Apple of this, to which he replied that he had called Apple Care and explained everything, and that the call lasted for an hour or so. We also asked him if the webpage where he provided his Apple ID and password looked authentic, and he replied, “Yes, it looked super authentic with the UI matching Apple’s original UI. Even at the time of iCloud login, it all looked just very authentic. The only catch in the link was – it didn’t end at .com as there was a hyphen after .com.”
So, it’s quite clear that he was the victim of a highly coordinated phishing scam in which the scammers used the stolen SIM to get the victim’s phone number and then sent him a phishing link. The scammers also seem to be using quite a reputable SMS gateway, as the text Vedant got came from the same service address from which he gets OTPs for Microsoft Outlook. Notably, Vedant works as a Social Media Strategist at a reputed agency in Delhi.
Note: The Twitter thread mentioned in the article may contain links, which we strongly advise avoiding. Readers must not click on any links they don’t recognise. That’s the first defence against phishing. Though the phishing link now seems to redirect to iCloud, you never know when things might go wrong.
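The hyphen after .com that Vedant describes works because the real domain is whatever follows it, not icloud.com. The check below is an added example, not from the article or from Apple; the trusted-domain list and the sample links (all on the reserved .example TLD) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains a genuine Find My / iCloud sign-in link would use.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")


def link_host(url: str) -> str:
    """Return the hostname a browser would actually connect to, lowercased."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a link as 'trusted', 'suspicious' or 'unrelated'."""
    parts = urlsplit(url)
    host = link_host(url)
    if not host:
        return "unrelated"
    for domain in trusted:
        # Genuine: the host IS the domain or a subdomain of it, over HTTPS.
        # The leading dot matters: "notapple.com" must not match "apple.com".
        if parts.scheme == "https" and (host == domain or host.endswith("." + domain)):
            return "trusted"
    # Suspicious: a trusted name shows up in the authority part (host or
    # userinfo) although the real host is not under that domain.
    authority = parts.netloc.lower()
    if any(domain in authority for domain in trusted):
        return "suspicious"
    return "unrelated"


# Constructed sample links; none is the link from the incident.
SAMPLES = [
    "https://www.icloud.com/find",              # real subdomain
    "https://icloud.com-findmy.example/login",  # hyphen after .com
    "https://icloud.com.signin.example/",       # extra labels after .com
    "https://icloud.com@login.example/",        # brand hidden in userinfo
    "https://notapple.com/",                    # suffix without the dot
    "http://icloud.com/",                       # right host, no TLS
    "https://news.example/story",               # nothing to do with Apple
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10s} {link_host(url):28s} {url}")
```
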