Text Promises To Find Missing iPhone Wants To Steal Your iCloud Login Details


Say that you have lost your iPhone or iPad and you don’t even have Find My Phone activated on your device.

Next, you are going to receive a text message on your phone number in which you are asked to visit Apple’s website. You feel that Apple cares for you as you have probably registered a complaint… or sent an email to see if there was any way to track your lost iPhone / iPad.


Here’s where it gets interesting.

When you check the text message that contains a website link and click on that link – you will be directed to this page:

stolen-iphone-scam-website

Before you can guess, let me tell you this is a “fake” page designed to steal your Apple account details. It is a phishing page that has been created with the intention to manipulate you to acquire your Apple login ID and password details.

And the biggest surprise is that it looks exactly like the original Apple website. Can’t tell the difference, right?

How It Works

When anyone new to iOS or the web visits such pages, they naturally believe it’s an Apple website as the menu points to the original site. However… on further investigation and closer look, you will notice the domain name is not owned by Apple.

In fact, some scammers bought this domain name, then activated privacy (so their name, address, and phone numbers are hidden), and created such page to capture Apple ID and password.

Once the login details are entered, your information goes to the scammer and you will be redirected to the iCloud.com page.

And why are these scammers stealing your details? The answer is simple. As having access to Apple ID / password means having access to iCloud – and that iCloud account can be exploited in many ways.

Any scammer / thief can use iCloud login details to wipe out the details from your device. (Yeah, what if the missing device was actually stolen by these scammers?). In anyway, we request you to be aware of such text messages promising to track your iPhone / iPad details…

Fortunately:

Apple Stops Such Phishing Sites

Right after Reddit reported this incident, followed by an extensive coverage at iOS 8 Release, we now see that Apple has blocked the phishing page on Safari browser.

You get a warning on your iPhone / iPad when you try to access the page. Warning reads like this: “Suspected Phishing Site.”

The website you are visiting has been reported as a “phishing” website. These websites are designed to trick you into disclosing personal or financial information, usually by creating a copy of a legitimate website, such as a bank.

Here is the warning page requesting you to “go back” or “ignore this warning” message:

phishing-site-warning
While it is a little too late for us to report, but keep in mind that such phishing sites pop up almost everyday. Some go unnoticed while others manage to steal Apple details in thousands.

And these phishing tricks comes in various forms: text messages, emails asking you to reset password, etc. Just be attentive and make sure the website has “apple.com” in the URL somewhere.

←Previous post Next post→