Short version: Phone was stolen, iphone was locked when stolen but turned off by thief, findmyiphone set to lost mode with slim chance of retrieving it, 1 week later received iMessage allegedly from Apple Support (I now know it was fraudulent) stating that iphone had been found, please refer to specific location (Link). The link sent me to http://apple.info-app-apple.com/us which was an exact replica of apple's website asking for my appleid/password. Where I unknowingly entered in my appleid/password granting them access to my device (they immediately unlocked/switched the appleid from the stolen iphone) and locked me out of my icloud account. This gave them access to all of my data on my icloud, including contacts, photos, keychain, along with my personal name, address, last 4 credit card digits. Apple Support has been contacted with all of this information and a case is being handled. But my biggest concern is the huge breach in security that occurred for this situation to have even propagated in the first place. How did these people gain access to my phone number/appleid from a locked/lost mode iphone 6S and then use this information to contact me? Are there not security measures in place to prevent this from happening?