
Phone thieves in Brazil began using phishing to steal iCloud data


Pictured: a monkey stealing a phone in Japan, so far without phishing

Apple devices have always attracted both buyers and those who prefer to acquire the desired device "for free, that is, for nothing": thieves. With iPhones, a thief who pulls the phone out of the owner's pocket usually runs into quick countermeasures from the victim. The owner locks the device, and it is very difficult to make it usable again without the iCloud account credentials.

For this reason, stolen iCloud-locked phones most often go for parts. Even if the phone is in perfect condition, the thief has little choice but to disassemble it. Some offer such smartphones to small repair shops, others sell the devices on eBay. But some attackers try to get not only the phone but also the credentials for it. In Brazil, mobile device thieves have developed a phishing scheme to extract iCloud credentials from inattentive people.

Information security specialist Brian Krebs describes this scheme. According to him, a case involving it occurred recently in Brazil; one of the readers of his blog told him about it. The reader's wife was robbed by a team of three criminals. Among other things, they stole her phone. Almost immediately, the victim remotely locked the device. She also tried to locate the phone using the Find My iPhone application, although without much result.

Shortly after the robbery, the victim's husband began sending messages to the stolen phone offering to buy the device. He wrote the following: “Dear Mr. Robber, since you cannot use the telephone, I propose to buy it from you. Good luck". The message was sent on Saturday, and on Sunday something else happened.

On that day, the man began to receive SMS messages saying that the smartphone had been found. They said that to get the device back, he just needed to click on a link. The Brazilian turned out to be an attentive and cautious person (bear in mind that he is not an IT specialist but an ordinary user). Almost immediately, he realized that the message was an attempt to extract iCloud credentials. Clicking the link takes the user to a copy of the Brazilian version of the Apple site. Very inattentive and careless people (of whom there are more than it seems) enter their iCloud account credentials on such a site and lose their phone account permanently.



The attackers made an effort and managed to create an exact copy of Apple's Brazilian site, with a form for entering user credentials, as on the original. True, the site is hosted on a free hosting service (which, however, does not matter to the average user; what matters is the visual similarity).



Presumably, in the usual case a person whose phone was stolen and who receives such a message will get excited and click on the link. The message looks a bit strange, but most internet users are too careless. Landing on a copy of the Apple site, such users will very likely enter their credentials to find out where the phone is. The robbers count on this. Having learned the account credentials, they have both the phone and the data needed to remove the iCloud lock. After that, they can do whatever they want with the phone and the account.

The message also contains another address that leads the user to a phone search page, which is of course also fake. Its design copies that of the Find My iPhone service.
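A check that a recipient or an SMS filter could apply to messages like the ones described above, shown as an added example that is not part of the original article. The list of Apple domains, the brand keywords and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only hosts treated as Apple-operated.
APPLE_DOMAINS = ("apple.com", "icloud.com")
# Assumption: brand words a lure or lookalike hostname is likely to contain.
BRAND_TOKENS = ("apple", "icloud", "iphone", "findmy")
# A link with or without scheme; the host part may carry a user@ prefix.
LINK_RE = re.compile(r"(?:https?://)?[^\s/]+\.[a-z]{2,}(?:[/?#]\S*)?", re.I)
# Constructed sample messages (hosts use the reserved .example TLD).
SAMPLES = [
    "Your lost iPhone was found. Location: http://icloud.com.findmy-br.example/locate",
    "Apple: sign in at https://www.icloud.com/find to see your device",
    "iPhone found, details at short.example/a1",
]


def host_of(link):
    """Hostname the link really points to (not what precedes an '@')."""
    if "://" not in link:
        link = "http://" + link
    try:
        return (urlsplit(link).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return ""


def is_apple_host(host):
    # Exact match or true subdomain; "icloud.com.x.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def has_brand(s):
    s = s.lower().replace("-", "")
    return any(t in s for t in BRAND_TOKENS)


def triage_sms(text):
    """Return (host, reason) for every link that warrants suspicion."""
    findings = []
    for match in LINK_RE.finditer(text):
        host = host_of(match.group(0))
        if not host or is_apple_host(host):
            continue
        if has_brand(host):
            findings.append((host, "brand-in-hostname"))
        elif has_brand(text):
            findings.append((host, "brand-lure-offsite-link"))
    return findings
```

The keyword match is a heuristic and can flag unrelated hostnames; the domain comparison in `is_apple_host` is the part that decides whether a link is safe to treat as Apple's.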

There is nothing surprising in criminals acting this way: phishing is a long-standing tool that nevertheless remains very effective. But there is one more thing: the attackers have started using phone calls. According to the victim's husband, some time after the messages arrived, he received a call from an unfamiliar number. When he answered, he heard a synthesized voice that reported that the phone had been found and suggested looking at the SMS for more information. This is a really effective move. Even if a person does not follow the link in the message, a call with good news about the phone being found can still provoke a click on the link.

The scheme, according to Brian Krebs, is relatively new. It poses a threat not only to Brazilian fans of Apple devices, but also to iPhone owners in other countries. Most likely, attackers from other countries will soon adopt the experience of their Brazilian colleagues. By the way, fraudsters in India, Bangladesh and the Philippines use a similar method. And it really works.

Be that as it may, the Find My Phone function should be enabled immediately after purchasing an Apple smartphone. This service lets you enable lost mode, lock the device, or remotely erase its data. As soon as the phone comes online, the action selected by the user is carried out.

In addition, the phone should be synchronized with a computer often, so that all data is saved not only on the smartphone. In that case, even if the phone is stolen (provided the Find My Phone service is active), the user can erase the data from the phone while a copy remains available on the PC. Information security experts also say that you should be more careful and always question messages (SMS, e-mail, etc.) that come from strangers or organizations.



When a phone is lost, Apple recommends using the Find My Phone application or going to the corresponding section of the site, locating the device, and enabling lost mode. It is also worth informing the carrier about the loss (this does not work in all countries).

Even if the Find My Phone function was not enabled on the lost smartphone, the user can change the Apple ID password and replace the credentials for other accounts in third-party services.

Source: https://habr.com/ru/post/401879/

