iPhone thieves use spear phishing to steal unlock PINs

Professional international gangs of thieves have developed a new scam to resell stolen iPhones at the highest possible price: They try to persuade their victims to reveal their device PIN with professionally designed phishing sites. As Mac & i reader Michael Kania, who runs an IT service, reports, he recently encountered such a case with a customer in Barcelona. His iPhone had been stolen from him at the market in La Rambla. The device was locked, and the police were informed. As is usually the case, the lock screen displayed contact information – in this case that of his wife.

Thieves become phishers

After notifying the police, the iPhone was tracked to a certain neighborhood in Barcelona. “Shortly afterwards, my customer's wife received a text message purporting to be from Apple,” says Kania. This contained a link with the correct device name, iPhone 15 Pro Max. Localization is possible under the link. “The whole thing was quite well faked and not immediately recognizable to the layman that it was not an Apple domain.” After opening the link, a perfectly faked iPhone lock screen appeared in the browser, with the exception of spelling mistakes. The thieves were probably hoping that the user would enter the real lock code.

Of course, the victim did not do this, but entered a fake code to keep the thieves busy – in the hope that they would go online with it. Over the following days, further text messages with alleged location messages and the same link – were sent again and again in an attempt to elicit the PIN from the victim. The police could do nothing more. Eventually, the stolen iPhone was found via “Where is?” in Shenzhen, China, where it was probably dismantled into individual parts. Fortunately, it was at least possible to delete the data on the device remotely.

iPhone PIN of central importance

Thieves are known to try to obtain the device PIN after the fact. In Shenzhen, for example, there are said to be iPhone recyclers who “blackmail” users: they use the contact address on the locked iPhone to send the message that the device will be sold on to “hackers” if it cannot be deleted thanks to the PIN. In the metropolis near Hong Kong, there is said to be a whole house full of companies that specialize in unlocking and dismantling stolen Apple smartphones. For victims of theft, this means that you have to be very careful after the theft: Messages from the thieves must not be trusted, strange links must not be clicked on.

The iPhone PIN has even more significance than just for unlocking the device: for a long time, it was also an important access medium for the Apple account, on which practically everything depends. Since iOS 17.3, Apple has implemented a new anti-theft mode here.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)