
pilonl14

macrumors newbie
Original poster
Mar 5, 2016
Short version:

Phone was stolen. The iPhone was locked when stolen but turned off by the thief, and Find My iPhone was set to lost mode with a slim chance of retrieving it. One week later I received an iMessage allegedly from Apple Support (I now know it was fraudulent) stating that the iPhone had been found, please refer to specific location (link). The link sent me to http://apple.info-app-apple.com/us, which was an exact replica of Apple's website asking for my Apple ID/password, where I unknowingly entered my Apple ID/password, granting them access to my device (they immediately unlocked/switched the Apple ID from the stolen iPhone) and locked me out of my iCloud account. This gave them access to all of my data on my iCloud, including contacts, photos, keychain, along with my personal name, address, last 4 credit card digits.



Apple Support has been contacted with all of this information and a case is being handled. But my biggest concern is the huge breach in security that occurred for this situation to have even propagated in the first place. How did these people gain access to my phone number/Apple ID from a locked/lost mode iPhone 6S and then use this information to contact me? Are there not security measures in place to prevent this from happening?
 
They probably put the phone into DFU (or maybe did something else) to figure out what email address the phone was iCloud Activation locked to.

An email address can be used to send an iMessage to. They sent an iMessage to that email address as a "maybe this will work" kinda thing. You bought it and they gained access.
 
The device was passcode locked. When I realized that it was stolen, I rushed to icloud.com to try and locate it. Unfortunately it was already offline and calls would go straight to voicemail (assume phone was off). So that is when I made the decision to set the phone to lost mode remotely (via iCloud's Find My iPhone feature).

So you are telling me someone can just simply put the stolen device in DFU mode and gain my Apple ID or phone number from the device? I'm not concerned for the phone as it's probably already overseas but more concerned about the data breach where my personal info was taken. I was under the impression that Apple would have programmed the phone to prevent revealing my full Apple ID/phone number on a stolen device, especially one that was "locked/lost". Does that not seem like a huge security breach?
 
What I'm saying is, if they tried to wipe the phone and use it, they would discover what email address your Apple ID is using that iCloud Activation locks the phone with.

Unless you've unchecked that same email address as one of the possible ways to reach you with iMessage (in the settings "You can be reached by iMessage by" followed by your number and email addresses). They probably did not know your phone number and used the same email address they would have seen the device being Activation locked to.

They used that email address to phish you for your password. And it worked. You bought the scam and gave them your password to your account.
 
I understand now. But how exactly would they discover the Apple ID to which the device is iCloud Activation locked? Why would Apple program the device to give a potential thief that info? The Apple ID should have been secure when the device was locked via the 4 digit pin and the lost mode on the device.
Here is the screenshot of the phish site they used. Giving them the account ID/password was my mistake, but that's beside the point. They should have never been able to contact me in the first place.
 

Attachment: Screen Shot 2016-03-05 at 2.57.07 PM.png

I believe it will prompt to enter the password when wiping the phone (either before it's wiped or after, I believe it's after) so that activating the phone can be done.

This is why you may hear stories of people buying a used iPhone and discovering that it's asking for the password to someone else's Apple ID, making the phone they just purchased a useless paperweight, because they can't get into it without that password.

Devices get locked to your Apple ID when they get activated for the very first time. This is called iCloud Activation Lock.
 
That is true; however, when in DFU mode or any other mode trying to activate an iPhone, the Apple ID lock menu will not display the entire Apple ID (it will be starred out), like for example pil******@icloud.com. Again, this is my understanding of how the phone is programmed. So if that is the case, how did this thief find a way to contact me via iMessage?
 
I suppose that's right. Forgot about the ****** blocked out it does.

No clue then. Sorry.
 
I appreciate the help.

I've been trying to wrap my head around this all day... anyone else have ideas of how they uncovered either my iCloud name or phone number from a locked device to contact me via iMessage?
 
They must have had other means of finding it. Perhaps it was someone that knew you or used some other social engineering way of finding your contact information. Or perhaps they took the SIM in the phone and put it in another one and found your number through that somehow. Or something else of that sort.
 
What was your lost mode message?

The message stated "Please contact if found" followed by my roommate's number. I did not put my contact info in the message.

Apple Support traced the iCloud account that contacted me to someone in Japan. They are currently monitoring the account and looking through its history as it was probably used in thousands of stolen devices. I also had AT&T blacklist the IMEI number. I don't believe the person that stole the phone knew me; I believe it was stolen then sold to someone that operates overseas. My Apple ID or phone number is not on any social media accounts. Now that is interesting... would my SIM card store either my Apple ID or phone number? Could this be retrieved without a passcode?
 
This is a wild, far-fetched thought on how they could have possibly got your number.

http://m.imore.com/how-find-owner-lost-or-stolen-iphone

Specifically #4 in the list. The section about the IMEI.

They could have used that and maybe they work for your carrier, know someone who works for your carrier, or the workers at your carrier wrongfully gave out the info to someone bad, and retrieved your number.
 
I just tried it out and it turns out it's extremely easy to get a phone number from the phone's SIM. If you put a SIM in an iPhone (even if inactive), it will tell you the number on the SIM in Settings > Phone. I just tried it with several SIMs I had lying around and it worked on all of them. Sorry to hear about the scam, but it seems like these are becoming more common. I just read about something identical to this a few weeks ago.
 
Well. That pretty much solves the "how they got his number".
 
Yes, they can retrieve it from the SIM card or by restoring it, and it would prompt the restored phone for the password for your Apple ID that it's locked to.

The software did what it was designed to do; this was human error on your part.
 
When you restore and are prompted for the iCloud password, the full Apple ID isn't displayed.
 
When I was restoring many devices a couple of years ago, I'm pretty sure I recall my Apple ID being filled in when asked for the password when setting up a restored iPhone. Might be wrong.

Edit: yeah I see now it is.
 

Attachment: image.png

Did you have "Hey Siri" on? Easy to send an iMessage this way.
 
You would think Apple would want to shut down phishing sites like this. Obviously they don't care.
 
How could Apple shut it down other than by contacting law enforcement or the registrar? They have no control over domains and content on the internet. They could have already started to take the proper steps. Almost all registrars have a TOS that should make it easy to shut down phishing sites like this, but it doesn't happen automatically.
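
Added example, not part of the original thread: the link quoted in the first post, http://apple.info-app-apple.com/us, contains "apple" twice yet is not an Apple host. The Python below contrasts a bare suffix check, which that hostname passes, with a dot-anchored check; the trusted-domain list, the function names and the two other sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains accepted as genuine Apple sign-in hosts.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRAND_TOKENS = ("apple", "icloud")


def naive_is_apple(url: str) -> bool:
    """Flawed check: a bare suffix match also accepts 'info-app-apple.com'."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith("apple.com")


def classify_link(url: str) -> dict:
    """Judge a link on scheme and hostname only; page content is never fetched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Trusted only when the host IS a trusted domain or a dot-separated subdomain.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # Text before '@' is userinfo, not the host the browser connects to.
        findings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    if not trusted and any(tok in host for tok in BRAND_TOKENS):
        findings.append("brand-name-outside-trusted-domain")
    return {"host": host, "trusted": trusted, "findings": findings}


if __name__ == "__main__":
    samples = [
        "http://apple.info-app-apple.com/us",  # link quoted in the thread
        "https://www.icloud.com/find",         # constructed sample
        "https://apple.com@login.example/",    # constructed sample
    ]
    for url in samples:
        print(naive_is_apple(url), classify_link(url))
```

The hostname in the thread ends in "-apple.com", so only a check anchored on the dot before the trusted domain rejects it.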
 