Losing your iPhone already sucks, but at least with modern devices, you can brick it remotely and be certain it’s not going to be worth more than just parts. That’s the idea, anyway, but as Joonas Kiminki recently discovered, things can be a little different if the thieves are clever.

In a post on Medium, Kiminki details how someone with his phone used a convincing phishing scam to try to get his iCloud account details, which would have enabled them to open his iPhone, reset it, and sell it as a perfectly working device. Even if you’re careful with phishing scams, this one is easy to fall for.

Kiminki’s phone was stolen from a car, through a broken window. As soon as he discovered the theft, he marked the phone as lost, and set Find My iPhone to send an email if it was found.

A couple of days later, he received an email apparently from Apple, saying the iPhone was found, and providing an iCloud login link to see the address. Any reasonable person would probably click the link and enter their details, but it’s really just a classic phishing scam.

The email was sent from a Gmail account set up to look like Apple, and the URL for the login page was show-iphone-location.com — not a legit Apple site.

Kiminki’s theory is that the thieves found his name through his Medical ID, used that to find his email, and then set up the phishing attack so that they could get his details and unlock his iPhone. In this case, they picked the wrong target, as Kiminki’s a director of a technology firm. But for most people, it’s an annoying new thing to watch out for when you lose your phone.
