How was my phone number compromised from stolen device?

Discussion in 'iPhone' started by pilonl14, Mar 5, 2016.

  1. pilonl14 macrumors newbie

    Joined:
    Mar 5, 2016
    #1
    Short version:

    Phone was stolen. The iPhone was locked when stolen but turned off by the thief. Find My iPhone was set to lost mode with a slim chance of retrieving it. One week later I received an iMessage allegedly from Apple Support (I now know it was fraudulent) stating that the iPhone had been found, please refer to specific location (link). The link sent me to http://apple.info-app-apple.com/us, which was an exact replica of Apple's website asking for my Apple ID/password, where I unknowingly entered my Apple ID/password, granting them access to my device (they immediately unlocked/switched the Apple ID from the stolen iPhone) and locking me out of my iCloud account. This gave them access to all of my data on my iCloud, including contacts, photos, keychain, along with my personal name, address, last 4 credit card digits.



    Apple Support has been contacted with all of this information and a case is being handled. But my biggest concern is the huge breach in security that occurred for this situation to have even propagated in the first place. How did these people gain access to my phone number/Apple ID from a locked/lost mode iPhone 6S and then use this information to contact me? Are there not security measures in place to prevent this from happening?
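
The link quoted in post #1 puts "apple" in a subdomain of a domain that is not Apple's. The check below is an added example, not part of the original thread; the trusted-domain list and brand tokens are assumptions chosen for illustration, and the brand-token match is a heuristic that can flag unrelated hosts.

```python
from urllib.parse import urlsplit

# Assumptions for this example: domains a genuine Apple ID sign-in page is
# served from, and brand words a phishing host is likely to embed.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRAND_TOKENS = ("apple", "icloud")


def classify_link(url):
    """Classify a link's host as 'trusted', 'lookalike' or 'unrelated'."""
    # urlsplit().hostname drops any "user@" prefix and port, and lowercases.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    # Trusted only if the host IS a trusted domain or a subdomain of one.
    # A plain substring test would accept "apple.info-app-apple.com".
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand word present, but the registered domain belongs to someone else.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# The link quoted in post #1, followed by constructed samples.
SAMPLES = [
    "http://apple.info-app-apple.com/us",
    "https://appleid.apple.com/",
    "https://www.icloud.com/find",
    "https://apple.com@info-app-apple.com/us",
    "https://www.apple.com.signin.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10} {url}")
```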
     
  2. Sumter macrumors regular

    Joined:
    May 21, 2014
    #2
    Did you have your number set for lost mode?
     
  3. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #3
    They probably put the phone into DFU (or maybe did something else) to figure out what email address the phone was iCloud Activation locked to.

    An email address can be used to send an iMessage to. They sent an iMessage to that email address as a "maybe this will work" kinda thing. You bought it and they gained access.
     
  4. pilonl14 thread starter macrumors newbie

    Joined:
    Mar 5, 2016
    #4
    The device was passcode locked. When I realized that it was stolen, I rushed to icloud.com to try and locate it. Unfortunately it was already offline and calls would go straight to voicemail (assume phone was off). So that is when I made the decision to set the phone to lost mode remotely (via iCloud's Find My iPhone feature).
    --- Post Merged, Mar 5, 2016 ---
    So you are telling me someone can just simply put the stolen device in DFU mode and gain my Apple ID or phone number from the device? I'm not concerned for the phone as it's probably already overseas but more concerned about the data breach where my personal info was taken. I was under the impression that Apple would have programmed the phone to prevent revealing my full Apple ID/phone number on a stolen device, especially one that was "locked/lost". Does that not seem like a huge security breach?
     
  5. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #5
    What I'm saying is, if they tried to wipe the phone and use it, they would discover what email address your Apple ID is using that iCloud Activation locks the phone with.

    Unless you've unchecked that same email address as one of the possible ways to reach you with iMessage (in the settings "You can be reached by iMessage by" followed by your number and email addresses). They probably did not know your phone number and used the same email address they would have seen the device being Activation locked to.

    They used that email address to phish you for your password. And it worked. You bought the scam and gave them your password to your account.
     
  6. pilonl14 thread starter macrumors newbie

    Joined:
    Mar 5, 2016
    #6
    I understand now. But how exactly would they discover the Apple ID which the device is iCloud activation locked to? Why would Apple program the device to give a potential thief that info? The Apple ID should have been secure when the device was locked via the 4 digit pin and the lost mode on the device.
    --- Post Merged, Mar 5, 2016 ---
    Here is the screenshot of the phish site they used. Giving them the account id/password was my mistake but besides the point. They should have never been able to contact me in the first place.
     

  7. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #7
    I believe it will prompt to enter in the password when wiping the phone. (Either before it's wiped or after, I believe it's after) so that activating the phone can be done.

    This is why you may hear stories of people buying a used iPhone and discovering that it's asking for the password to someone else's Apple ID. Making the phone they just purchased a useless paperweight, because they can't get into it without that password.

    Devices get locked to your Apple ID when it gets activated for the very first time. This is called iCloud Activation Lock.
     
  8. pilonl14 thread starter macrumors newbie

    Joined:
    Mar 5, 2016
    #8
    That is true, however when in DFU mode or any other mode trying to activate an iPhone, the Apple ID lock menu will not display the entire Apple ID (it will be starred out) like for example pil******@icloud.com. Again this is my understanding of how the phone is programmed. So if that is the case how did this thief find a way to contact me via iMessage?
     
  9. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #9
    I suppose that's right. Forgot about the ****** blocked out it does.

    No clue then. Sorry.
     
  10. pilonl14 thread starter macrumors newbie

    Joined:
    Mar 5, 2016
    #10
    I appreciate the help.

    I've been trying to wrap my head around this all day... anyone else have ideas of how they uncovered either my iCloud name or phone number from a locked device to contact me via iMessage?
     
  11. Lobwedgephil macrumors 68030

    Joined:
    Apr 7, 2012
  12. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #12
    They must have had other means of finding it. Perhaps it was someone that knew you or used some other social engineering way of finding your contact information. Or perhaps they took the SIM in the phone and put it in another one and found your number through that somehow. Or something else of that sort.
     
  13. pilonl14 thread starter macrumors newbie

    Joined:
    Mar 5, 2016
    #13
    The message stated "Please contact if found. Followed by my roommate's number". I did not put my contact info in the message.
    --- Post Merged, Mar 5, 2016 ---
    Apple support traced the iCloud account that contacted me to someone in Japan. They are currently monitoring the account and looking through its history as it was probably used in thousands of stolen devices. I also had AT&T blacklist the IMEI number. I don't believe the person that stole the phone knew me, I believe it was stolen then sold to someone that operates overseas. My Apple ID or phone number is not on any social media accounts. Now that is interesting... would my SIM card store either my Apple ID or phone number? Could this be retrieved without a passcode?
     
  14. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #14
    This is a wild, far-fetched thought on how they could have possibly got your number.

    http://m.imore.com/how-find-owner-lost-or-stolen-iphone

    Specifically #4 in the list. The section about the IMEI.

    They could have used that and maybe work for your carrier, know someone who works for your carrier or the workers at your carrier wrongfully gave out the info to someone bad and retrieved your number.
     
  15. Cergman macrumors 6502a

    Joined:
    Jan 1, 2013
    Location:
    my tesla
    #15
    I just tried it out and it turns out it's extremely easy to get a phone number from the phone's SIM. If you put a SIM in an iPhone (even if inactive), it will tell you the number on the SIM in Settings > Phone. I just tried it with several SIMs I had lying around and it worked on all of them. Sorry to hear about the scam, but it seems like these are becoming more common. I just read about something identical to this a few weeks ago.
     
  16. lagwagon Suspended

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #16
    Well. That pretty much solves the "how they got his number".
     
  17. alexmarchuk macrumors 6502a

    Joined:
    Jun 28, 2007
    Location:
    New Jersey
    #17
    Yes, they can retrieve it from the SIM card or by restoring it and it would prompt the restored phone for the password for your Apple ID that it's locked to.

    The software did what it was designed to do, this was human error on your part.
     
  18. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #18
    When you restore and are prompted for the iCloud password, the full Apple ID isn't displayed.
     
  19. alexmarchuk macrumors 6502a

    Joined:
    Jun 28, 2007
    Location:
    New Jersey
    #19
    When I was restoring many devices a couple of years ago I'm pretty sure I recall my Apple ID being filled in when asked for password when setting up a restored iPhone. Might be wrong.

    Edit: yeah I see now it is.
     

  20. deadsoul macrumors regular

    Joined:
    Sep 10, 2015
    #20
    Did you place a phone number to reach you if the phone was found?
     
  21. canuckRus macrumors 6502

    Joined:
    May 18, 2014
    #21

    Did you have "Hey Siri" on? Easy to send an iMessage this way.
     
  22. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #22
    Only if accessible from lock screen.
     
  23. laudern macrumors 6502a

    Joined:
    Jan 5, 2011
    #23
    You would think Apple would want to shut down phishing sites like this. Obviously they don't care.
     
  24. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #24
    How could Apple shut it down other than by contacting law enforcement or the registrar? They have no control over domains and content on the internet. They could have already started to take the proper steps. Almost all registrars have a TOS that should make it easy to shut down phishing sites like this, but it doesn't happen automatically.
     
  25. Chatter macrumors 6502a

    Joined:
    Jun 10, 2013
    Location:
    Uphill from Downtown
    #25
    If Siri was turned on from lock screen "hey Siri, what is my contact info"... or something like that.

    Yes, totally obvious. o_O
     