A clever phishing scheme has been spotted targeting users who have had their iPad or iPhone stolen, leading researchers to believe that it has been set up by a criminal group that offers thieves the service of finding out the information necessary to unlock the stolen devices.
As you may or may not know, iOS device users can switch on Lost Mode in iOS’ Find My Phone feature, which makes the locked device display a message to whoever finds it, often with instructions on how to contact the owner to return it.
The scheme starts with a message sent to the contact phone number provided by the legitimate user. The message appears to come from Apple, and tries to trick the recipient into believing their device has been located. In order to see the location, the user has to follow the offered link.
Unfortunately for them, the link takes them to a very legitimate-looking spoof of Apple’s iCloud login page.
The address of the page includes the word “icloud” to seem legitimate, and another indication that this is more than just a simple random iCloud phishing scheme is the fact that the site is available in ten different languages.
“In this campaign, the attackers’ ultimate aim is to acquire the user’s iCloud credentials in order to turn Lost Mode off and make the stolen device usable,” Malwarebytes’ Joji Hamada points out. “Owners who are emotionally distressed due to the loss of their iPhone or iPad may easily fall for the scam, as they may be desperate to get their device back.”
Users are advised to always be careful when evaluating the legitimacy of unsolicited messages from unknown sources, and to err on the side of safety if they can’t tell whether a message is genuine or was sent with malicious intent.
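The spoofed page relies on the word “icloud” appearing somewhere in its address, so a check on a link has to look at the actual hostname rather than search the URL for the brand name. The following is an added example, not part of the original article: the trusted domain list is an assumption, and the sample URLs are constructed using reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as genuine for Apple/iCloud sign-in.
TRUSTED_DOMAINS = {"icloud.com", "apple.com"}
# Brand words a lookalike address is likely to include.
BRAND_KEYWORDS = ("icloud", "apple")


def classify_link(url):
    """Classify a link from an unsolicited message.

    Returns 'trusted' if the hostname is a trusted domain or a subdomain
    of one, 'lookalike' if a brand word appears anywhere in the URL but
    the hostname is not trusted, and 'unrelated' otherwise.
    """
    if "://" not in url:
        url = "https://" + url  # bare "host/path" links, as often sent by SMS
    # .hostname drops any "user@" prefix and port, and is lowercased.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    # Match the whole domain or a dot-separated subdomain, never a substring,
    # so "icloud.com.example.net" and "noticloud.example" do not pass.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(word in url.lower() for word in BRAND_KEYWORDS):
        return "lookalike"
    return "unrelated"


# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://www.icloud.com/find",                  # genuine host
    "https://icloud.com.example.net/login",         # brand as a subdomain label
    "https://www.icloud.com@login.example.org/",    # brand in the userinfo part
    "http://example.com/icloud/signin?lang=en",     # brand only in the path
    "find-icloud.example.net/map",                  # bare link, brand in host
    "https://example.org/news",                     # no brand reference at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```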